Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

RAP - Backup SSID - DHCP Server

Jump to Best Answer
  • 1.  RAP - Backup SSID - DHCP Server

    Posted Apr 26, 2017 09:41 PM

    I understand that I can configure a RAP to offer DHCP. I am pretty sure this is only possible if the RAP is connected to a Trunked connection. 
    Reading the RAP VRD page 162 suggests an unlikely scenario in a hotel. The configuration shows using VLAN 188 for the Bridge VLAN. How would we know the Hotel had a trunk and that VLAN 188 was tagged? You wouldnt :-)
    I would love to be able to use a RAP with backup SSID and DHCP on a non-trunked network. 
    Am I missing something?

  • 2.  RE: RAP - Backup SSID - DHCP Server

    Posted Apr 26, 2017 09:45 PM
    The AP can have its own internal vlan and DHCP server. The last rule in the user role ACL can be to source Nat the traffic out of the IP address of the RAP. In that case, VLANs on trunks would not matter.

  • 3.  RE: RAP - Backup SSID - DHCP Server

    Posted Apr 26, 2017 09:50 PM
    I know you can assign the VLAN and DHCP options in the AP system profile. The VLAN however must match the VAP vlan. These VLANs cannot be the same as the native vlan in the AP system profile. Once those requirements are met, then it actives it's DHCP server. With those requirements, doesn't​ it need to be connected to a trunk port? Either the native or the VAP vlan must be tagged.

  • 4.  RE: RAP - Backup SSID - DHCP Server

    Posted Apr 26, 2017 09:54 PM
    Tell me what you want to accomplish. It is always easier when you tell me what you want to do and then I can tell you if it is possible and how. It is difficult to speak theoretically.

  • 5.  RE: RAP - Backup SSID - DHCP Server

    Posted Apr 26, 2017 11:00 PM

    I am just studying. No particular use case. Here is what is written in the VRD..


    "The backup mode is very useful for telecommuter solutions, especially when the RAP is connected to
    a network that has a captive portal. When a travelling employee connects the RAP to the wired port of
    a hotel network that uses captive portal, the RAP will not be able to connect to the controller. So, the
    RAP broadcasts the backup SSID. The user can now connect to the backup SSID and when he opens
    a web browser, the captive portal page is displayed. From perspective of the hotel’s captive portal, the
    traffic originates from the MAC address and IP address of the RAP because the RAP is configured to
    Scr-NAT the user traffic. After the user authenticates to the captive portal, the RAP can establish a
    connection the controller. After the connectivity to the controller is established, the RAP disables the
    backup SSID, broadcasts the standard SSIDs, and enables the configured wired ports"


    In addition it says to use the RAP built in DHCP server...


    "The user role assigned to the authenticated clients of the backup SSID should
    source-NAT all user traffic, except DHCP. For example, create a backup-user
    role with a policy that uses any any svc-dhcp permit followed by any any any
    route src-nat rule. Also, use the internal DCP server of the RAP to provide
    DHCP services for users on backup SSID."



  • 6.  RE: RAP - Backup SSID - DHCP Server
    Best Answer

    Posted Apr 26, 2017 11:06 PM

    Correct.  The Source-NAT rule makes it so that it does not matter what VLANs are trunked to the AP.  User traffic will be source natted out of the RAP's ip address.

  • 7.  RE: RAP - Backup SSID - DHCP Server

    Posted Apr 26, 2017 11:09 PM

    I thought I had tried without a trunk in the past and it didnt work. I must have had something else wrong. I will give it another shot. 


    Thanks Colin