What is the RAP Local Client Access feature?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS 5.0 and later.

Consider remote clients in separate VLANs that are associated to the same RAP. Typically, when these clients communicate with each other, their traffic must go back to the controller.

A peer-to-peer application like VoIP has higher latency in this situation.

Currently the Aruba controller allows direct peer-to-peer access by clients in split or bridge forwarding modes on the same RAP. This access is allowed even if the clients are in separate VLANs, but custom firewall rules are needed.

The RAP Local Client Accessfeature provides an easy configuration process to enable local access for clients on a RAP, without requiring custom firewall rules.

RAP Local Access is enabled from the AP system profile for each AP group.

To enable:
configure terminal ap system-profile <ap-profile> rap-local-network-access

To disable:
configure terminal ap system-profile <ap-profile> no rap-local-network-access

To show the status of RAP Local Access:
#show ap system-profile default

AP system profile "default"
Parameter Value
--------- -----
........ ......
Remote-AP Local Network Access Enabled

If the RAP Local Access feature is enabled and two clients are behind the same RAP, the sessions between them should not appear on the controller. Instead, the sessions between them should appear on that AP with the destination pointing to "local" and the redirect (R) flag set for that session.




These two clients on the RAP should also have route-cache entries.



Version history
Revision #:
1 of 1
Last update:
‎07-04-2014 01:45 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: