Please take a look above diagram,and we explain the ip add as follow:
1. 47.104.193.111 is the public ip of our AOS8.3 VMC,there are 1:1 dst-nat to the VMC vlan1 ip 172.31.4.51/20 default gateway is 172.31.15.253/20
In fact there are only one ip in our VMC
(AOS83) [mynode] #show ip interface bri
Interface IP Address / IP Netmask Admin Protocol VRRP-IP
vlan 1 172.31.4.51 / 255.255.240.0 up up
loopback 172.31.4.52 / 255.255.255.255 up up
(AOS83) [mynode] #show ip route
Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/Branch
I - Ike-overlay, N - not redistributed
Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 172.31.15.253 to network 0.0.0.0 at cost 1
S* 0.0.0.0/0 [0/1] via 172.31.15.253*
C 172.31.0.0/20 is directly connected, VLAN1
mgmt unassigned / unassigned up up
2.our RAP local ip is 172.16.5.236(dhcp from our home router), our home router get the public from isp is 111.37.21.67 (we do not get this public directly, it is also be NAT from our isp),So we open NAT-T in our VMC
3.We Contact our RAP by pre-shared key to our VMC
apboot> printenv
bootargs=
bootdelay=2
baudrate=9600
autoload=n
boardname=Dalmore
servername=aruba-master
bootcmd=boot ap
autostart=yes
bootfile=mips32.ari
ethaddr=24:de:c6:cb:79:40
name=24:de:c6:cb:79:40
group=ArubaRap
ikepsk=7C79E8210EB92264F7728ECD09EC5926055C5C527FA28CB91CCB63B3A2ED4C26
papuser=arubarap
pappasswd=90B311DE7AFCEBA589BA188EA766B30F14A695708421EBA8DD3E811C582C4B1A
a_antenna=0
g_antenna=0
usb_type=0
mesh_role=0
installation=0
remote_ap=1
priority_ethernet=0
priority_cellular=0
cellular_nw_preference=1
mesh_sae=0
ip6prefix=64
usb_power_mode=0
ap_power_mode=0
ethact=eth0
start_type=cold_start
master=47.104.193.111
num_total_bootstrap=8
num_reboot=8
stdin=serial
stdout=serial
stderr=serial
4.we boot our RAP,and we found it get the tunnl up and get the ip address
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
47.104.193.111 192.168.100.222 255.255.255.255 UGH -3 0 0 br0
172.31.4.52 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 192.168.100.222 0.0.0.0 UG -3 0 0 br0
~ #
We can not ping 172.31.4.52 , time out. anybody know the reason ?