Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Backup operation (Backup SSID) on RAPNG / IAP's

  • 1.  Backup operation (Backup SSID) on RAPNG / IAP's

    Posted Aug 06, 2014 07:40 AM

    Hi All,

    We are currently evaluating concepts to replace traditional RAPs with newer IAP models. We are also trying to configure the IAPs to VPN to a controller sitting in the data center.

    We managed to get it working much the same as a traditional RAP as long as the connectivity at the IAP's site is fine, but is there any way to have an alternate configuration when the VPN link is down?

    I've seen there are several options (on guest / captive portal SSIDs) to 'disable' the SSID when a specific uplink type is in use, but it seems I can only trigger on the 'physical network link', not on whether the VPN connection can be established.

    Is there something like a "rap-operation backup" equivalent for IAP SSIDs and something comparable for wired ports?

    We have some locations where the internet connectivity is not very stable, so we want to set up a backup operation mode with a PSK SSID and open wired ports when the VPN tunnel is down, and full 802.1x for wired and wireless if the tunnel is up. Any hints on how to achieve this on an IAP?

    Thanks & Bye,
             Chris



  • 2.  RE: Backup operation (Backup SSID) on RAPNG / IAP's

    EMPLOYEE
    Posted Aug 06, 2014 09:00 AM

    Unfortunately, this is not available today.  



  • 3.  RE: Backup operation (Backup SSID) on RAPNG / IAP's

    Posted Aug 06, 2014 11:39 AM

    Hi Seth,

     

    Can you give me some information on when this will be available?

     

    Thanks & Bye,

          Chris



  • 4.  RE: Backup operation (Backup SSID) on RAPNG / IAP's

    EMPLOYEE
    Posted Aug 06, 2014 11:51 AM

    If you are doing 802.1x, in today's code, there is auth survivability for up to 24 hours when using Clearpass.  If you have clients already on the network (and the VPN is configured for split-tunneling), the users will STAY connected and be able to access the internet.

     

    Would this be an option for you?



  • 5.  RE: Backup operation (Backup SSID) on RAPNG / IAP's

    Posted Aug 06, 2014 12:39 PM

    Hi Seth,

     

    I've stumbled over auth survivability, but I haven't had the time to dig into it. Maybe you can give me some short answers to some fundamental questions that came up:

    - Will auth survivability cache entries 'survive' AP reboots? (Usually, the areas having weak internet also often have power issues.)

    - Are role assignments also cached? (We use separate VLANs and policies for Corporate, BYOD, Mobiles and manufacturing devices.)

    - Does it support all Authentication flavours (EAP-TLS, EAP-PEAP-TLS (very important for corporate devices) and EAP-PEAP-MSCHAPv2)?

     

    Thanks & Bye,

          Chris



  • 6.  RE: Backup operation (Backup SSID) on RAPNG / IAP's

    EMPLOYEE
    Posted Aug 06, 2014 12:44 PM

    @cniessner wrote:

    Hi Seth,

     

    I've stumbled over auth survivability, but I haven't had the time to dig into it. Maybe you can give me some short answers to some fundamental questions that came up:

    - Will auth survivability cache entries 'survive' AP reboots? (Usually, the areas having weak internet also often have power issues.)

    - Are role assignments also cached? (We use separate VLANs and policies for Corporate, BYOD, Mobiles and manufacturing devices.)

    - Does it support all Authentication flavours (EAP-TLS, EAP-PEAP-TLS (very important for corporate devices) and EAP-PEAP-MSCHAPv2)?

     

    Thanks & Bye,

          Chris


    The survivability will NOT work after a reboot if Clearpass is still down.

    Role assignments are cached.

    It does support PEAP and TLS starting with IAP code 4.1.