Controllerless Networks

last person joined: an hour ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Aruba7010 Controller and IAP-205 Aruba-Ipsec

Jump to Best Answer
This thread has been viewed 2 times
  • 1.  Aruba7010 Controller and IAP-205 Aruba-Ipsec

    Posted Nov 30, 2018 05:26 AM

    Hi,

    Can I put a static route in an IAP through an Aruba IPsec tunnel?

    I have a centraliced WLC7010 controller to receive IPsec and Gre Aruba tunnel, I have a remote IAP working how Instant and this have a L2 SSID with L2-DHCP tunneling with 7010.

    I want route the authentication traffic (802.1x) source IAP throught this tunnel because the Clearpass are in WLC network.

    The scenary is:

    L2Aruba.JPG

    Is posible?

     

    Regards.

    RG


    #7010


  • 2.  RE: Aruba7010 Controller and IAP-205 Aruba-Ipsec
    Best Answer

    Posted Nov 30, 2018 05:34 AM

    Hi raul.garcia.jim,

     

    This is possible. Look at this picture:

    IAP-VPN-Configure-Routing-Profile-in-Central

     

     

     This is from Central, but on the IAP GUI it is more or less the same.

     

    10.104.104.20 is my ClearPass Server

    10.100.100.50 is the IP of the controller, the IAP is connected to (the physical IP in the interface)

     

    Just be aware, that the IAP is using its tunnel IP to reach the radius server. So the one from the L2TP DHCP Pool. 

     

    hope this helps

     

    BR

    Florian



  • 3.  RE: Aruba7010 Controller and IAP-205 Aruba-Ipsec

    Posted Nov 30, 2018 08:01 AM

     Hi FlorianBaaske,

    Thanks!! it working fine!

    I have routed this traffic to the  WLC IP.

    The other problem that had is the back routing. I solved it by routing the IP on core network of the tunnel interface of the IAP.

     

    Regards!



  • 4.  RE: Aruba7010 Controller and IAP-205 Aruba-Ipsec

    Posted Nov 30, 2018 08:07 AM

    You should route the whole L2TP pool network to the controller, as the IAP will get a new IP from that pool, each time he connects. 

    I have configured OSPF between my Controller and the wired infrastructure but this is not needed if you just use a static route from the core to the controller for that network.