Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

RAP Split Tunnel Security

Jump to Best Answer
  • 1.  RAP Split Tunnel Security

    Posted Mar 05, 2020 11:30 PM

    I have two questions regarding RAP solution

     

    1) Is it possible to integrate with OpenDNS solution when customer wants to use Aruba RAP solution with split horizon? 

    2) Is it possible to piggyback a second AP to a RAP to extend wireless coverage inside the room? 

     

    Regards,

     

    Pradyut 



  • 2.  RE: RAP Split Tunnel Security
    Best Answer

    Posted Apr 10, 2020 10:33 AM

    You can absolutely use OpenDNS over a RAP, but the problem is that any internal resource that user wants to try and get to won't resolve by hostname - unless you mirror your internal DNS entries into OpenDNS. We do this with Guest on RAPs at a few remote locations, they use OpenDNS, but don't have access to any internal resources, so it's not a problem. DNS isn't dependent upon your routing, it's received during DHCP, and it will maintain those DNS servers regardless of where it's trying to go. 

     

    In theory, you should be able to piggyback another AP from a RAP. The AP port is configured similar to a switch port - so it would be access likely and the AP tunnel would ride the IPSEC tunnel of the RAP. I can't say how well it will function - remember RAPs have limitations on their IPSEC throughput that may hinder performance for devices on that AP. I would also make sure you don't run into any MTU issues over VPN since CAP and RAP use different values, 1500 and 1200 respectively. As everything, test it out and see how it performs, but from a L2/L3 layer, it should theoretically work.