Wireless Access

Reply
Frequent Contributor I

Remote AP vs Campus AP

Hi All,

I have Campus AP AP-115. My Controllers are installed in Main Data Center and Campus Access Points (AP-115) are on different braches. My customer wants from me to create an IPSec Tunnel from Controller to APs for secure communication, I tested it successfully by converting the CAPs to Remote AP by definining White List and enabling CPSec. So the question is if i can convert Campus AP to remote AP then why i need specialize Remote AP. 

Guru Elite

Re: Remote AP vs Campus AP

Campus APs cannot communicate over a NAT boundary (like the internet).  Only remote APs can.

 

Campus APs communicate over IPSEC, yes, but only Remote APs are designed to communicate over a NAT boundary.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: Remote AP vs Campus AP

Thanks for your quick response. What i understood from your reply is if my CAP is behind the NAT or i can say if my CAP is on public IP in that case i will need remote AP. 

 But if i have reacability to my CAP through some VPN then in that case what is your suggestion.

Guru Elite

Re: Remote AP vs Campus AP

If it is on the local lan or a lan that is extended via VPN connection, it is easier to provision a CAP.  That is what should be used...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: Remote AP vs Campus AP

Thanks a lot for your help brother. 

 

So let me summarize this..

 

Case-1: If my CAPs are inside my LAN or my LAN is extended through VPN to my branch offices then i can Provision CAP as a RAP.

 

Case-2: if my CAP is behind the NAT then in that case i will go for Remote AP. 

Aruba

Re: Remote AP vs Campus AP

Please explain what you mean by "go for Remote AP". Are you referring to our RAP product SKUs? Those are merely differentiated in hardware (optimized for desktop deployment, local wired ports, POE out but not in, to name a few).

All physical Aruba AP variants (campus, remote, hospitality, ruggedized and outdoor) can be deployed in RAP (software) mode.

/Onno
Frequent Contributor I

Re: Remote AP vs Campus AP

As stated above, my comapny wants from me to create an IPSec tunnel between controller and Access Points (AP-115). I contacted Aruba TAC for that few months ago and they share the steps how can i do it. I performed the test on AP-105 and i was successfully did it. Actually we convert the Campus AP to RAP in that steps.

Today I raised the point if i can do the same thing from the CAP then why i need Remote AP. So "cjoseph" reply to me and you can see his reply.

 

If you can eloborate it to me i will be thankful to you.

Guru Elite

Re: Remote AP vs Campus AP


w.ullah@bmc.com.sa wrote:

Thanks a lot for your help brother. 

 

So let me summarize this..

 

Case-1: If my CAPs are inside my LAN or my LAN is extended through VPN to my branch offices then i can Provision CAP as a RAP.  

 

Case-2: if my CAP is behind the NAT then in that case i will go for Remote AP. 


To be clear Case #1, you just use access points configured as campus APs.  EDIT: You need to make sure that control plane security is on (by default it is).

Case#2, you use access points configured as remote APs only if there is NAT between your controller and access points.

 

Why does your job want you to build ipsec tunnels?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: Remote AP vs Campus AP

Thanks once again cjoseph.

 

Actually they want to secure the communication.

Guru Elite

Re: Remote AP vs Campus AP

Allright.  Campus APS with CPSEC would solve that problem 99% of the time.

 

On the internet, you would just simply use a RAP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: