Aruba Employee

Simple RAP LAB Configuration example

This is a simple how-to document showing the steps to configure a RAP access point to connect to a mobility controller through the internet.


The RAP access point at the employee's home will connect to the mobility controller through the internet and tunnel access to the corporate networks 10.4.3.0/24 and 10.4.2.0/24. Access to the internet will be source-NATed and locally switched.
 
  • Create a net destination with corporate networks
netdestination corp-network-alias
   network 10.4.3.0 255.255.255.0
   network 10.4.2.0 255.255.255.0
 
  • Create a session access-list
This access list will permit access to the corporate network and source-NAT all other traffic so that it is locally switched.
 
ip access-list session corp-net-split-acl
   user alias corp-network-alias any permit
   alias corp-network-alias user any permit
   any any svc-dhcp permit
   user any any route src-nat
   any user any permit
 
  • Create user role
This role will be associated with the session access-list created before.
 
user-role role-split-corp
   access-list session corp-net-split-acl
 
  • Create a WLAN profile
 
wlan virtual-ap "remote-teste10"
   aaa-profile "remote-teste10"
   vlan 1043                          --> VLAN that the user will get an IP from
   forward-mode split-tunnel          --> Split-tunnel enabled
   ssid-profile "remote-teste10"
!
wlan ssid-profile "remote-teste10"
    essid "remote-teste10"
    opmode wpa2-psk-aes
    wpa-passphrase 1d5318efb6110ec9f7dd7e92d03d235fe443cb9eea6167b5
!
  • Create an AP group
 
ap-group "RAP-Test-Group"
   virtual-ap "remote-teste10"
 
  • Add the RAP access point's MAC to the whitelist DB
 
whitelist-db rap add mac-address xx:xx:xx:xx:xx:xx
   ap-group RAP-Test-Group --> AP group created in item 5
   ap-name RAP-AP-01
 
  • Add an IP local pool
RAP access points will receive their IP address from this pool.
 
ip local pool "RAP-Pool-Corp" 10.5.1.200 10.5.1.254
 
  • Provisioning the AP using the GUI
After adding the RAP to the whitelist-db, it has to be provisioned through the GUI.
During provisioning we will use the controller's external IP or hostname. Remember that the ports TCP/4500 and UDP 69 should be open between the RAP and the controller.
 
 
 
  • Testing and verifying the configuration
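
As an added offline check (not part of the original post and not Aruba tooling), this Python sketch parses the netdestination and session ACL from the steps above and evaluates sample flows with a simplified first-match model, reading permit as tunneled to the controller and route src-nat as locally switched, as the post describes. The client address, the destinations, the "tcp" service label and the implicit final deny are assumptions of the example.

```python
import ipaddress

# Config text copied from the steps above.
NETDEST = """netdestination corp-network-alias
   network 10.4.3.0 255.255.255.0
   network 10.4.2.0 255.255.255.0"""
ACL = """ip access-list session corp-net-split-acl
   user alias corp-network-alias any permit
   alias corp-network-alias user any permit
   any any svc-dhcp permit
   user any any route src-nat
   any user any permit"""

def parse_netdest(text):
    lines = text.splitlines()
    nets = [ipaddress.ip_network("/".join(l.split()[1:3])) for l in lines[1:]]
    return {lines[0].split()[1]: nets}

def parse_acl(text):
    rules = []
    for line in text.splitlines()[1:]:
        tok, ends = line.split(), []
        for _ in range(2):  # source operand, then destination operand
            width = 2 if tok[0] == "alias" else 1
            ends.append(tuple(tok[:width]))
            tok = tok[width:]
        rules.append((ends[0], ends[1], tok[0], " ".join(tok[1:])))
    return rules

def _match(operand, ip, user_ip, aliases):
    if operand[0] == "any":
        return True
    if operand[0] == "user":
        return ip == user_ip
    return any(ip in net for net in aliases[operand[1]])

def classify(src, dst, service, user, aliases, rules):
    """Return (rule number, action) of the first matching rule."""
    src, dst, user = (ipaddress.ip_address(x) for x in (src, dst, user))
    for n, (s, d, svc, action) in enumerate(rules, 1):
        if svc in ("any", service) and _match(s, src, user, aliases) \
                and _match(d, dst, user, aliases):
            return n, action
    return None, "deny"  # assumed implicit deny when nothing matches

ALIASES, RULES = parse_netdest(NETDEST), parse_acl(ACL)
CLIENT = "10.4.3.50"  # constructed client address, not from the page
# Same rules with the src-nat rule moved to the top (a misordering to catch).
MISORDERED = [RULES[3]] + RULES[:3] + RULES[4:]

if __name__ == "__main__":
    for dst in ("10.4.2.10", "203.0.113.10"):  # constructed destinations
        print(dst, classify(CLIENT, dst, "tcp", CLIENT, ALIASES, RULES),
              classify(CLIENT, dst, "tcp", CLIENT, ALIASES, MISORDERED))
```

With the rules in the order given above, corporate destinations match the first permit rule before the src-nat rule; in the misordered copy the same traffic would be locally switched instead of tunneled, which is the ordering mistake worth checking for before deployment.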

