Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP-225RW and Radius - Enterprise Branch Office

This thread has been viewed 0 times

  • 1.  IAP-225RW and Radius - Enterprise Branch Office

    Posted Mar 15, 2018 09:38 PM

    Hello all...

     

    We are a largish educational organisation in New South Wales, Australia. We are setting up a number of branch training offices around the Sydney area and one of the requirements is WiFi.

     

    We presently run eight 7210 controllers at each of our main sites. Users authenticate via a centralised Radius server. The Radius server is not managed by me.

     

    The new brach offices presently are using some older AP135, had them spare from recent upgrades elsewhere, and I have them provisioned on one of our 7210 at head office.

     

    I am thinking it would be better to remove the AP135's and replace them with IAP's and have the IAP's use the centralise Radius server for authentication. Then the network traffic would terminate on the  local master IAP and not have to be tunneld to head office. So far so good.

     

    Now our centralised Radius server won't accept authentication requests from remote devices unless those devices are authorised on the server before hand.

     

    So my question is this, what happens when the master IAP fails and the a second IAP, one the same subnet, takes over as master. Does the IP of the failed IAP get used by the new master?

     

    I am by no means an expert on Aruba Wireless and for the most part I lear by trial and error. Yep I have setup and IAP with the credentials to talk to the Radius server and got no joy with authentication.

     

    Regards and thansk to all

     

    Col Thompson

    Sydney Australia



  • 2.  RE: IAP-225RW and Radius - Enterprise Branch Office

    EMPLOYEE
    Posted Mar 16, 2018 12:25 AM

    Dynamic Radius Proxy will allow you to set an ip address that will remain constant in a cluster regardless of which AP is the master:

     

    http://community.arubanetworks.com/t5/Controller-less-WLANs/IAP-Dynamic-radius-proxy-ip-configuration-and-troubleshooting/ta-p/175248



  • 3.  RE: IAP-225RW and Radius - Enterprise Branch Office

    Posted Mar 20, 2018 06:13 PM

    Many Thanks Colin...

     

    I am still having a little difficulty.

     

    The fixed IP address for the VC, check, OK understand.

    Details for the Authentication Server, OK Check.

     

    But the section in red "DRP-IP configurations" (DRP IP:, DRP Mask:, DRP Vlan:, and DRP Gateway:) I am unsure of what these settings refer to.

     

    Could you elababrate please?

     

    Col

    Sydney Australia



  • 4.  RE: IAP-225RW and Radius - Enterprise Branch Office

    EMPLOYEE
    Posted Mar 20, 2018 07:49 PM

    Just enable DRP.  It will take the ip address of the Virtual Controller that you set.  Those other options are if you want it to be on a different subnet (nobody does that).