Wireless Access

last person joined: 13 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

rapconsole access (RAP's) after first successful ipsec connection

This thread has been viewed 9 times

  • 1.  rapconsole access (RAP's) after first successful ipsec connection

    Posted Dec 08, 2011 06:03 AM

    Hi all,

     

    After setting up successfully RAP5WN's , I can't access any more the WEBUI  for checking the status.

     

    If a RAP2 or RAP5 is disconnected, moved to another location and can't connect to the controller, I would like to have the rapconsole WEBUI available for troubleshooting!

     

    Does the access depend on the forward mode configured? 

    (the "Remote-AP Backup" feature from the ethernet port config tab is enabled)

     

    On the client PC, the difference between first setup (ping to 192.168.11.1 is ok and domain is provided)  and no-access (ping to 192.168.11.1 not ok, no domain provided).

     

    thanks for any tipps and advices.

     

    Rolf

     

     



  • 2.  RE: rapconsole access (RAP's) after first successful ipsec connection

    EMPLOYEE
    Posted Dec 08, 2011 06:13 AM

    Yes.  the Rapconsole will only come up if you have the Remote AP backup parameter checked, BUT, it will only come up when the AP is not connected to the controller, yet.

     

    For the Rapconsole to work while the AP is already connected to the controller, the wired port, or the virtual AP needs to be split tunnel or bridge.

     

    Please see this section in the ArubaOS 6.1 user guide about Local Debugging (LD) and Rapconsole access:

     

     

    "Configuring ACL for restricted LD homepage access

    A user in split or bridge role using a remote AP (RAP) can log on to the local debug (LD) homepage (for example, (http://rapconsole.arubanetworks.com) and perform a reboot or reset operations. The LD homepage provides various information about the RAP and also has a button to reboot the RAP. You can now restrict a RAP user from resetting or rebooting a RAP by using the new localip keyword in the in the user role ACL . "........

     

     



  • 3.  RE: rapconsole access (RAP's) after first successful ipsec connection

    Posted Dec 22, 2011 05:24 AM

    Hi,

    Could you advise what kind of policy should I create for this access to rapconsole? I have backup ssid in bridge mode and policy from user to localip. I tried permit and route. Both does not work and I am not able to connect to rapconsole.arubanetworks.com 

    Thanks

    Marek



  • 4.  RE: rapconsole access (RAP's) after first successful ipsec connection

    EMPLOYEE
    Posted Dec 22, 2011 06:50 AM

    You should permit http traffic to the "localip" alias, according to user manual.



  • 5.  RE: rapconsole access (RAP's) after first successful ipsec connection

    Posted Dec 23, 2011 04:38 AM

    So I tried but it did not work. Then I asked here...



  • 6.  RE: rapconsole access (RAP's) after first successful ipsec connection

    EMPLOYEE
    Posted Dec 23, 2011 06:20 AM

    Okay.  Not 100% sure that it works on a backup SSID.  On that user who is connected to the backup SSID, do an nslookup for "rapconsole.arubanetworks.com"

     

    > rapconsole.arubanetworks.com
Server:		209.18.47.61
Address:	209.18.47.61#53

Name:	rapconsole.arubanetworks.com
Address: 192.168.1.175
>

     I got the ip address of my RAP and when I opened a page to 192.168.1.175, it opened the rapconsole.  First, find out if it is returning that ip address..

     

     



  • 7.  RE: rapconsole access (RAP's) after first successful ipsec connection

    Posted Dec 27, 2011 03:49 AM

    I got the same - rapconsole.arubanetworks.com was resolved to IP of RAP external (Ethernet E0) address. But I am not able to pass any traffic to this address.

     



  • 8.  RE: rapconsole access (RAP's) after first successful ipsec connection

    EMPLOYEE
    Posted Dec 27, 2011 08:30 AM
    What are the firewall rules for your user?


  • 9.  RE: rapconsole access (RAP's) after first successful ipsec connection

    Posted Dec 28, 2011 06:00 AM

    Hi,

    It was probably my fault - I have recreated configuration from scratch and now it works perfect form me!

    Thanks,

    Marek



  • 10.  RE: rapconsole access (RAP's) after first successful ipsec connection

    EMPLOYEE
    Posted Dec 28, 2011 10:21 AM

    Marek - Glad you figured it out.