Wireless Access

 View Only

RAP as SOHO VPN Gateway

This thread has been viewed 0 times
  • 1.  RAP as SOHO VPN Gateway

    Posted Mar 05, 2015 04:59 AM

     

    Hi community,

     

    i want to use a RAP as as small SOHO VPN Gateway.

     

    RAP is setup with wired-AP set to split-tunnel. 

     

    In case of connection-loss to the Controller the RAP can act as DHCP-Server and Router so the clients can continue to work locally and can get access to the internet.

     

    This works fine, but i want to finetune:

    If the failover-mode comes up the network range changes, all clients (Small Office, so we have just 6 Clients) must renew their IP-Adresses.

     

    If one single Client is connected directly with copper to RAP it gets an down/up event on the network link and does the DHCP-renew. But we have 6 clients - so they are behind a small switch and they are keeping their old config (DHCP Lease is still valid for hours...).

     

    So my Idea was to use the same IP network-range with 192.168.100.0/24 in both modes,  with 192.168.100.1 as Gateway, configured on the WLAN-Controller AND ALSO configured as  DHCP-Server-IP and Default-GW on the RAP for backup mode. rap-dhcp-server-vlan is set to VLAN 999, so this differs from the normal VLAN.

     

    BUT: This does not seem to work. 

     

    The rap-dhcp-server-id seems to conflict if the same IP is configured on Mainoffice-side at any time.

    Using the same network is ok, but rap-dhcp-server-id and rap-dhcp-default-router must be set to a non-conflicting IP, which is bad, because the clients keep sending  Traffic to the not longer existant default-gateway as long as they do a dhcp-renew (which can be a very long period).


    Any Ideas? bug or feature? Any workaround possible?

     

    Config Excerpts:

     

    interface vlan 100
    ip address 192.168.100.1 255.255.255.0
    !


    ap wired-ap-profile "RAP-Wire-Test1"
    wired-ap-enable
    forward-mode split-tunnel
    switchport access vlan 100
    !

     

    rap-dap system-profile "RAP-Folketest"

    rap-dhcp-server-vlan 999
    rap-dhcp-server-id 192.168.100.1
    rap-dhcp-default-router 192.168.100.1
    rap-dhcp-dns-server 8.8.8.8
    rap-dhcp-pool-start 192.168.100.100
    rap-dhcp-lease 3

    !