Wireless Access

Oldjunk01 · ‎04-06-2012

I'm trying to provisoin a zero touch RAP-5 and RAP 2 on my 3600 controller running 6.1.2.6 software

When I look in the 6.1 manual for RAPs it goes through setting up up vpn authentication using the internal database and setting up a user role for the RAP... etc ....etc ....etc.

I thought all I really had to do is put the RAP MAC address in the RAP whitelist and make sure there is an address pool for raps in the VPN IPSEC tab?

Is there a section in the manual that covers what you need for zero touch RAP configuration? Seems like there are several steps in the manual that are not actually needed when doing this.

I must be missing something though because the RAP isn't connecting. I see that it hit the controller because when i entered the outside ip address into the rap provisioning screen i now see 1 IPSEC down on my controller. But it isn't staying up after initial connection.

Oldjunk01 · ‎04-06-2012

I actualy got the rap up. (I was missing a license for it)

but if there is a section that covers zero touch rap configuration for the controller please let me know where it is. Like I stated before looks like you really don't need to enter a lot of what the manual says.

I"m using ArubaOS_6.1UG.pdf and referencing Chapter 7

sathya · ‎04-06-2012

What you are doing is right and nothing more is required assuming that you have configured a VPN address pool for the RAPs in the VPN services tab of the WebUI. Configuring VPN auth profile and role was required in the older code base but now if you are using zero touch provisioing all you have to do is add the RAPs mac in the whitelist and make sure that the default-rap profile under the VPN authentication profile has the internal database selected as the authentication server. By default, the internal server is used in the default-rap profile and this will work fine. however, if you change this to an external server then zero-touch provisioning will fail becasue the RAP whitelist is maintained in the internalDB. By deafult the RAPs will be assigned the ap-role even if you change the role to something else in the deafult-rap VPN authentiction profile i.e the inner IP of the RAP will be assigned the ap-role and the outer ip will be assigned the logon role. You can't change this. On CLI "show user-table verbose" will show the default user role applied to the inner and outer ip of the RAPs IPsec tunnel.

Regards,

Sathy

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

Wireless Access

RAP

RAP

Re: RAP

Re: RAP

Re: RAP

Re: RAP

RAP 5 WN Configuration gets removed automaticaly

Provision RAP-5WN

RAP User cannot see Network

ap's status is "denied" ?

Trouble with routing traffic trough controller straight to Internet

Aruba Deployment with Firewalls

Remote AP (Without PEF)

Using RAP at home on ADSL

COTD: show ap license-usage

Dual Ethernet on AP125 with RAP

Re: Branch Office Deployment Considerations Part 1

ACMP 6.1 Exam and Study Guide Now Available!

802.11 / RF Troubleshooting Best Practices

Aruba Remote AP Troubleshooting

Wireless LAN (WLAN) Design Fundamentals

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Re: Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Aruba Mobility Controllers

Remote AP Networks

Indoor 802.11n Site Survey and Planning

Base Designs Lab Setup for Validated Reference Design

Campus Redundancy Model

Wireless Access

RAP

RAP

Re: RAP

Re: RAP

Re: RAP

Re: RAP

Follow Us