Home > Community > Technology > Wireless Access > RAP

Wireless Access

Reply
Topic Options
Oldjunk01
New Contributor
Oldjunk01
Posts: 2
Registered: ‎04-06-2012

RAP
Options

‎04-06-2012 09:52 AM

I'm trying to provisoin a zero touch RAP-5 and RAP 2 on my 3600 controller running 6.1.2.6 software

 

When I look in the 6.1 manual for RAPs it goes through setting up up vpn authentication using the internal database and setting up a user role for the RAP... etc ....etc ....etc.

 

I thought all I really had to do is put the RAP MAC address in the RAP whitelist and make sure there is an address pool for raps in the VPN IPSEC tab?

 

Is there a section in the manual that covers what you need for zero touch RAP configuration?  Seems like there are several steps in the manual that are not actually needed when doing this.

 

I must be missing something though because the RAP isn't connecting.  I see that it hit the controller because when i entered the outside ip address into the rap provisioning screen i now see 1 IPSEC down on my controller. But it isn't staying up after initial connection.

 

 

 

 

 

  
  
Alert a Moderator
Message 1 of 3 (1,963 Views)
Reply
0 Kudos
Oldjunk01
New Contributor
Oldjunk01
Posts: 2
Registered: ‎04-06-2012

Re: RAP
Options

‎04-06-2012 10:35 AM

I actualy got the rap up.  (I was missing a license for it)

 

but if there is a section that covers zero touch rap configuration for the controller please let me know where it is. Like I stated before looks like you really don't need to enter a lot of what the manual says.

 

I"m using ArubaOS_6.1UG.pdf and referencing Chapter 7

Alert a Moderator
Message 2 of 3 (1,957 Views)
Reply
0 Kudos
Aruba Employee
sathya
Posts: 117
Registered: ‎09-21-2010

Re: RAP

[ Edited ]
Options

‎04-06-2012 11:35 AM - edited ‎04-06-2012 11:37 AM

What you are doing is right and nothing more is required assuming that you have configured a VPN address pool for the RAPs in the VPN services tab of the WebUI. Configuring VPN auth profile and role was required in the older code base but now if you are using zero touch provisioing all you have to do is add the RAPs mac in the whitelist and make sure that the default-rap profile under the VPN authentication profile has the internal database selected as the authentication server. By default, the internal server is used in the default-rap profile and this will work fine. however, if you change this to an external server then zero-touch provisioning will fail becasue the RAP whitelist is maintained in the internalDB. By deafult the RAPs will be assigned the ap-role even if you change the role to something else in the deafult-rap VPN authentiction profile i.e the inner IP of the RAP will be assigned the ap-role and the outer ip will be assigned the logon role. You can't change this. On CLI "show user-table verbose" will show the default user role applied to the inner and outer ip of the RAPs IPsec tunnel.

 

Regards,

Sathy

Alert a Moderator
Message 3 of 3 (1,951 Views)
Reply
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2017 Hewlett Packard Enterprise Development LP
Powered by Lithium