Can RAP`s do DNS master discovery ?
Remote AP`s deployed at remote office doing IPSec back to the Controller.
No. RAP does not do DNS based master discovery. However, one can provision RAP with FQDN for master and that will work.
Technically they are not the same. Static entry is not the only option for the controller discovery. DHCP Option 43/60 based discovery can be used.
For Example, If we have 2 RAPs explicitly provisioned (not doing discovery of aruba-master) with FQDN like master.mywebsite.com. In such case irrespective of these 2 RAPs getting different domain from dhcp, they will resolve FQDN to same ip and terminate to same controller so don’t leave RAP to do DNS based controller discovery by using just aruba-master.
(1) We do not support master “discovery” (aka ADP) on RAP. RAPs need to have master parameter explicitly provisioned.
We have disabled DNS based master discovery explicitly in code. DHCP option based discovery is working by pure luck. One should not rely on that.
(2) We do support master provisioned as FQDN. In this case RAP will do DNS query and talk to controller based on resolved ip-address.
The reason we disabled DNS based master discovery is because, RAPs are frequently deployed behind typical ISP DSL modem.
And when they query for “aruba-master” (which is the DNS query while performing ADP), many ISPs respond with advert page ip-address when they cannot resolve “aruba-master”. This will fool RAP into believing that there is a controller sitting at that ip-address and RAP will try to open IPSec tunnel with it