Controllerless Networks


IAP-VPN - No Client Connectivity

  • 1.  IAP-VPN - No Client Connectivity

    Posted Oct 05, 2016 10:21 AM

    I am working on migrating RAPs to an IAP-VPN model.  I'm testing a single RAP-155 and trying to terminate it on the same controller as the RAPs.  I used the IAP VRD to configure IAP-VPN and did the following:

     

    1. Whitelisted IAP in controller.
    2. Configured IAP with Aruba GRE to primary data center controller.
    3. Configured IAP with default route to controller's (internal) IP.
    4. Configured IAP with centralized L2 scope.  I specified a VLAN that RAP clients already use.
    5. Configured IAP with PSK SSID and specified the centralized L2 scope.

    When I connect the client to the SSID, the client doesn't obtain an IP address.  I configured a static IP as well, but still no network connectivity.

     

    I verified that the IAP has an IPSec connection to controller (show crypto ipsec sa & show crypto isakmp sa).  I am able to connect to the GUI of the IAP from the inside of our network.  I see the client connected in the IAP GUI.

     

    I also tried setting up a distributed L3 scope and it doesn't work.  If I issue 'show datapath session' I'm unable to see any traffic to/from the IAP's address.

     

    Any thoughts on what might be keeping the clients from working?



  • 2.  RE: IAP-VPN - No Client Connectivity

    Posted Oct 05, 2016 05:37 PM

    I believe I'm one step further.  Since I am not using Airwave or Aruba Central, you must add the IAP to the trusted IAP database, which I had not done.  The command is:

     

    controller# iap trusted-branch-db add <MAC>

     

    Now I can see it when issuing 'show iap table', but still unable to pass client traffic.



  • 3.  RE: IAP-VPN - No Client Connectivity

    Posted Oct 05, 2016 05:47 PM
    Is the IAP-VPN pool in your controller routable?

    What’s the user-role for VIA clients?


  • 4.  RE: IAP-VPN - No Client Connectivity

    Posted Oct 06, 2016 08:26 AM

    Yes, the pool is routable.  I am able to get to the web GUI of the IAP when it's online.

     

    default-vpn-role for the IAP.



  • 5.  RE: IAP-VPN - No Client Connectivity
    Best Answer

    Posted Oct 06, 2016 11:19 AM

    After changing the VPN from Aruba GRE to Aruba IPSec, it started working!  Looks like I needed the change above (IAP whitelisting) and Aruba IPSec to pass client traffic.

     

    One thing I don't understand is why Aruba GRE was not the appropriate solution.  I've read the user guide and VRD, and Aruba GRE seemed like what I needed since I'm tunneling L2 traffic (Centralized L2).  Can anyone help me understand the difference between the two modes?