Wireless Access

Hi

I have 2x 105-APs provisioned as RAPs. I am also using VIA - hence I have 2x IPSEC adress Pools configured under my VPN configuration tabs.

My propblem is My RAPs are coming up with the inner IP address of My VIA pool - so the raps aren't using my second configured address pool in IPSEC.

How can I change or set which IPSEC pool my RAPs use?

I am struggling to find where to change this or set it so any advice will be great.

HI,

We will not have any control on pool assignment, we generally create multiple pools for extending the pool size hence client can pick address from any of the pool.

If the pool has exhausted, it would automatically overflow to other pools (no control over which pool would be picked up though).

Please feel free for any further clarity on this.

Hendrik

if you have just a small number of RAPs, perhaps you can edit the whitelist and add an internal IP there, thus making the rap inner ip static (can be anything really, other than overlapping something connected to the controller, also should not match the pools already configured). A little bit painful at scale, but for a small number of APs should be managable.

regards

jeff

Hi Jeff

That seams reasonable THX for the suggestion - I only have the 2 x APs at the sirte so this is perfectly feasible.

I take for this to work correctly I will need to have Control Plane security enabled?

What are the risks of enabling Control Plane security in a environment for the 1st time?

hi Hendrik

control-plane-security and RAP are two independant and unrelated things - whether or not you turn on CPSEC is (usually) more about whether you want bridging on a campus AP. For RAP, it doesnt matter either way (RAPis always ipsec based).

turning CPSEC on for the first time will cause your campus APs to all reboot

regards

-jeff