Wireless Access

Reply
Occasional Contributor I

Need help setting up a RAP for home use

Hi all,

First off, I’m completely new to Aruba technology. Please feel free to explain wide and deep, I’m grateful for any info I can get. I want to configure some of our APs so that that coworkers can use them at home to connect to our internal network without the use of a VPN connection.

We already use Aruba RAPs from our remote offices. The setup is a little weird though. AP’s are connected to a Cisco switch via a dot1q trunk to VLAN 1 and native VLAN 90. VLAN 1 is our data network and VLAN 90 is connected to the subnet from a simple modem/router combo, the ones you get from ISPs. The SSIDs are in ‘split-tunnel’ as forward mode and put the internal traffic in VLAN 60. The only controller we have for the AP’s is on our main site. The AP has native VLAN set to 90.

I copied an ap-group in notepad, changed the ap-group name and pasted the whole thing in the CLI. I now have all the SSIDs I need.

Here come the questions:

  • I suppose I have to change the AP native vlan to 1 since those cheap modem/router combo’s from ISPs don’t speak dot1q. Is that correct?
  • I suppose I need to set the SSIDs into ‘tunnel’ forward mode. Besides that no changes. Is that correct?
  • I need to provision the AP as a RAP, fill in the external address of our main site and set it to receive an IP address via DHCP. Correct?
  • DHCP for the clients: Can I leave the DHCP Server and DHCP Pool blank so the clients get their IP from the modem/switch (problem is that I cannot specify beforehand – we have two local ISPs and one uses 192.168.0.0/24 as subnet and the other only uses 192.168.1.0/24)

Thanks in advance for any answer :)

Re: Need help setting up a RAP for home use


@Koala wrote:

 

  • I suppose I have to change the AP native vlan to 1 since those cheap modem/router combo’s from ISPs don’t speak dot1q. Is that correct?

 

yes, or just leave it blank/clear it.

  • I suppose I need to set the SSIDs into ‘tunnel’ forward mode. Besides that no changes. Is that correct?

It is not required to use tunnel mode, you can still use split tunnel if you desire to allow home RAP users to use corp resources

  • I need to provision the AP as a RAP, fill in the external address of our main site and set it to receive an IP address via DHCP. Correct?

The AP will get it's IP from DHCP by default, so nothing to change there. You can either plug the AP into a network so it comes up in campus mode on the controller, the reprovision it as RAP, or, use the AP serial port and just provision the following

 

setenv master <ip or fqdn of the controller>
setenv remote_ap 1
saveenv
  • DHCP for the clients: Can I leave the DHCP Server and DHCP Pool blank so the clients get their IP from the modem/switch (problem is that I cannot specify beforehand – we have two local ISPs and one uses 192.168.0.0/24 as subnet and the other only uses 192.168.1.0/24)

If you want to use split tunnel, then the corporate DHCP will be doing the client dhcp allocation (ditto for tunnel mode). In the case of split-tunnel there is no need to worry about the subnet in use by the residential gateway (router/modem box) as all client IPs will be src-natted to the AP IP address on vlan 1 in this case.

 

hth.

 

 

Highlighted

Re: Need help setting up a RAP for home use

Here’s the RAP VRD :
https://www.arubanetworks.com/assets/vrd/RAPVRD_version_8.pdf

It explains how to configure / deploy RAPs and best practices



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: