04-07-2015 12:42 AM
I have 2x 105-APs provisioned as RAPs. I am also using VIA - hence I have 2x IPSEC adress Pools configured under my VPN configuration tabs.
My propblem is My RAPs are coming up with the inner IP address of My VIA pool - so the raps aren't using my second configured address pool in IPSEC.
How can I change or set which IPSEC pool my RAPs use?
I am struggling to find where to change this or set it so any advice will be great.
Solved! Go to Solution.
04-07-2015 02:38 AM
We will not have any control on pool assignment, we generally create multiple pools for extending the pool size hence client can pick address from any of the pool.
If the pool has exhausted, it would automatically overflow to other pools (no control over which pool would be picked up though).
Please feel free for any further clarity on this.
[Is my post helped you ? Give Kudos :) ]
04-07-2015 05:18 AM
if you have just a small number of RAPs, perhaps you can edit the whitelist and add an internal IP there, thus making the rap inner ip static (can be anything really, other than overlapping something connected to the controller, also should not match the pools already configured). A little bit painful at scale, but for a small number of APs should be managable.
04-07-2015 05:37 AM
That seams reasonable THX for the suggestion - I only have the 2 x APs at the sirte so this is perfectly feasible.
I take for this to work correctly I will need to have Control Plane security enabled?
What are the risks of enabling Control Plane security in a environment for the 1st time?
04-07-2015 07:02 AM - edited 04-07-2015 07:02 AM
control-plane-security and RAP are two independant and unrelated things - whether or not you turn on CPSEC is (usually) more about whether you want bridging on a campus AP. For RAP, it doesnt matter either way (RAPis always ipsec based).
turning CPSEC on for the first time will cause your campus APs to all reboot