03-14-2014 11:51 AM
We utilize a mobility controller and remote access points in order to do site-to-datacenter VPNs for our remote sites. The connections are split tunnelled, sending traffic to our domain subnets across the VPN tunnel, and all other traffic goes out directly via the local Internet connection. On the rare occasion that the controller is down and is inaccessible to the RAPs, they no longer allow traffic at all outside the network, i.e. to the Internet.
So we have at this point 30 sites reliant on the controller. If the controller is down, all 30 sites lose Internet access. Certainly there must be a way of configuring this that I am missing. Please help!
03-14-2014 02:09 PM - edited 03-14-2014 02:13 PM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
03-17-2014 06:35 AM - edited 03-17-2014 06:36 AM
Thank you. We actually do not utilize the wireless aspects in any way, however. Strictly wired.
Internet Connection <-> RAP <-> Network Switch <-> Endpoints
03-17-2014 07:18 AM
The wired interfaces should automatically bridge that traffic out to the internet, BUT you probably have to change your ipsec retries number to 0 so that the access point does not reboot:
"Backup Configuration Behavior for Wired Ports
If the connection between remote AP and the controller is disconnected, the remote AP will exhibit the following behavior:
- All access ports on the remote AP, irrespective of their original forwarding mode will be moved to bridge forwarding mode.
- Clients will receive IP address from the remote AP's DHCP server.
- Client will have complete access to Remote AP's uplink network. You cannot enforce or modify any access control policies on the clients connected in this mode."
What you need to do is change the number-IPSEC-Retries in that AP system profile to 0, so that the access point does not reboot; it simply tries to reestablish itself without rebooting: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ap_system_profile.htm - "The number of times the AP will attempt to recreate an IPsec tunnel with the master controller before the AP will reboot. A value of 0 disables the reboot."
Aruba Customer Engineering