SlideShare ist ein Scribd-Unternehmen logo

Rap split tunnelv2

Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company
TechnologieUnterhaltung & Humor
1 von 7
Downloaden Sie, um offline zu lesen
RAP split-tunnel (802.1X authentication) Release 6.2.0.0 controller – June 2013 Contents MUST READ - BACKGROUND!.................................................................................................................................................1 Create an internal network ‘netdestination’ ..........................................................................................................................2 Create the RAP User Policy .....................................................................................................................................................2 Create the RAP User Role........................................................................................................................................................3 Create a new RAP AAA server.................................................................................................................................................3 Create the myrap Virtual AP ...................................................................................................................................................4 Edit the myrap Virtual AP........................................................................................................................................................4 Create the RAP AP Group........................................................................................................................................................5 Configure the Controller VPN for RAP Access.........................................................................................................................6 Assign a RAP Address Pool......................................................................................................................................................6 Add the RAP MAC address to the Whitelist............................................................................................................................7 MUST READ - BACKGROUND! This configuration example is based on two previous examples posted: For the Beginner – Configuring an 802.1X WLAN with the Controller GUI For the Beginner - RAP Installation-Basic It is recommended you read and understand the above two examples as well as have your version of the configurations installed on your controller. VLAN’s and IP address in the examples may have changed but the overall process is still valid to follow.
Create an internal network ‘netdestination’ The key to split tunnel mode is in the User Policy. It is the User Policy that determines what is forwarded through the tunnel and what is placed on the local network. The netdestination definition should contain all the internal network IP addresses the client can connect to. These are the network destinations you want the RAP to forward via the RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful Firewall > Destinations). In this example the internal networks (netdestination myinternal) are the 172.16.0.0, 192.168.2.0 and 192.168.100.0. Create the RAP User Policy Configuration > Access Control > Policies Use the netdestination alias of the internal network accordingly in the RAP user policy. Note the last rule is source NAT (src-nat). This policy states that if the destination does not match the myinternal rule the traffic will NOT be forwarded to the controller through the VPN connection but ‘src-nat’ from the RAP to the local subnet.
Create the RAP User Role Configuration > Access Control > User Roles Configure a RAP user role and add the ‘RAPUser-pol’ policy to it. This is the role the user will be assigned when logging into the RAP wifi and authenticated by the AAA policy (next step). Create a new RAP AAA server Configuration > Authentication > AAA Profiles Create a new RAP AAA Profile and ensure you select in the “802.1X Authenticated default role” the RAPUser-rol role created earlier. When authenticated with this AAA profile the user will be placed in the RAPUser-rol Continue configuration of the new RAP AAA Profile Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the already existing corporate location 802.1X profile (in this example ‘myemployee-1x’)
Continue configuration of the new RAP AAA Profile Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username and password will be authenticated against. Select the already existing corporate location server (in this example ‘myemployee-serv’) Create the myRAP Virtual AP Configuration > Advanced Services > All Profiles Add a new virtual AP for the myRAP group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP profile) Edit the myrap Virtual AP Click on and open the new myRAP-vir virtual profile Set the VLAN the RAP User will be placed in, and received DHCP from, and set the Forwarding Mode to ‘split-tunnel’
Continue setting up the myrap-vir – the AAA Profile Expand the section AAA Profile and use the pull down to select the previously created new RAP AAA Profile Continue setting up the myRAP-vir – the SSID profile Previously an SSID Profile was created for user authentication at the corporate site (For the Beginner – Configuring an 802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile. Create the RAP AP Group Setup a new AP Group for the RAP’s (if not already completed) “Configuration” > “Wireless” > “AP Configuration” > New Add the new AP Group Name (in this example “myRAP”) Click “Add” to finish and “Save Configuration”
Expand the Wireless LAN section Click on the Virtual AP Use the pull down to select the myrap-vir created earlier in this example. Configure the Controller VPN for RAP Access These steps have been included in the example “For the Beginner - RAP Installation-Basic” as well here, if already completed do not duplicate. Go to Configuration > Advanced Services > VPN Services Ensure L2TP is enabled Assign a RAP Address Pool This is the inner IP address used between the controller and RAP for the IPSec tunnel (recommended this is NOT an existing IP address space in the network) After clicking DONE on the IPSEC > Add Address Pool page ensure you “APPLY” the changes at the bottom of the VPN Services page
Add the RAP MAC address to the Whitelist Go to “Configuration” > “Wireless” > “AP Installation” Select the “Whitelist” tab and select Entries Then elect “Remote AP” and add the NEW entry Enter the MAC address of the RAP and additional data related to the user and assign to the “RAP” AP Group Click “Add” when completed “Save Configuration” CLI checks and Troubleshooting is included in the original “For the Beginner - RAP Installation-Basic” document

Empfohlen

RAP Networks Validated Reference Design
RAP Networks Validated Reference DesignRAP Networks Validated Reference Design
RAP Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesAruba, a Hewlett Packard Enterprise company
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAruba, a Hewlett Packard Enterprise company
 
Rap installation updated
Rap installation updatedRap installation updated
Rap installation updatedAruba, a Hewlett Packard Enterprise company
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xAruba, a Hewlett Packard Enterprise company
 

Empfohlen

RAP Networks Validated Reference Design
RAP Networks Validated Reference DesignRAP Networks Validated Reference Design
RAP Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesAruba, a Hewlett Packard Enterprise company
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAruba, a Hewlett Packard Enterprise company
 
Rap installation updated
Rap installation updatedRap installation updated
Rap installation updatedAruba, a Hewlett Packard Enterprise company
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xAruba, a Hewlett Packard Enterprise company
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba, a Hewlett Packard Enterprise company
 
Best Practices on Migrating to 802.11ac Wi-Fi
Best Practices on Migrating to 802.11ac Wi-FiBest Practices on Migrating to 802.11ac Wi-Fi
Best Practices on Migrating to 802.11ac Wi-FiAruba, a Hewlett Packard Enterprise company
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesAruba, a Hewlett Packard Enterprise company
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAruba, a Hewlett Packard Enterprise company
 
Campus Network Design version 8
Campus Network Design version 8Campus Network Design version 8
Campus Network Design version 8Aruba, a Hewlett Packard Enterprise company
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointAruba, a Hewlett Packard Enterprise company
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingAruba, a Hewlett Packard Enterprise company
 
Outdoor network engineering_chuck lukaszewski
Outdoor network engineering_chuck lukaszewskiOutdoor network engineering_chuck lukaszewski
Outdoor network engineering_chuck lukaszewskiAruba, a Hewlett Packard Enterprise company
 
Campus Redundancy Models
Campus Redundancy ModelsCampus Redundancy Models
Campus Redundancy ModelsAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads – Aruba controller features used to optimize performance
EMEA Airheads – Aruba controller features used to optimize performanceEMEA Airheads – Aruba controller features used to optimize performance
EMEA Airheads – Aruba controller features used to optimize performanceAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationAruba, a Hewlett Packard Enterprise company
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC Aruba, a Hewlett Packard Enterprise company
 
Wireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the CampusWireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the CampusAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingAruba, a Hewlett Packard Enterprise company
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility ControllersAruba, a Hewlett Packard Enterprise company
 
2012 ah vegas remote networking fundamentals
2012 ah vegas remote networking fundamentals2012 ah vegas remote networking fundamentals
2012 ah vegas remote networking fundamentalsAruba, a Hewlett Packard Enterprise company
 
Creating an 802 1 xv3
Creating an 802 1 xv3Creating an 802 1 xv3
Creating an 802 1 xv3Aruba, a Hewlett Packard Enterprise company
 

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User Guide
 
Best Practices on Migrating to 802.11ac Wi-Fi
Best Practices on Migrating to 802.11ac Wi-FiBest Practices on Migrating to 802.11ac Wi-Fi
Best Practices on Migrating to 802.11ac Wi-Fi
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
 
Campus Network Design version 8
Campus Network Design version 8Campus Network Design version 8
Campus Network Design version 8
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access Point
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
 
Outdoor network engineering_chuck lukaszewski
Outdoor network engineering_chuck lukaszewskiOutdoor network engineering_chuck lukaszewski
Outdoor network engineering_chuck lukaszewski
 
Campus Redundancy Models
Campus Redundancy ModelsCampus Redundancy Models
Campus Redundancy Models
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
 
EMEA Airheads – Aruba controller features used to optimize performance
EMEA Airheads – Aruba controller features used to optimize performanceEMEA Airheads – Aruba controller features used to optimize performance
EMEA Airheads – Aruba controller features used to optimize performance
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference Design
 
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
 
Wireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the CampusWireless LAN Design Fundamentals in the Campus
Wireless LAN Design Fundamentals in the Campus
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
 

Andere mochten auch

Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Aruba, a Hewlett Packard Enterprise company
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Aruba, a Hewlett Packard Enterprise company
 
8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...Aruba, a Hewlett Packard Enterprise company
 

Andere mochten auch (20)

2012 ah vegas remote networking fundamentals
2012 ah vegas remote networking fundamentals2012 ah vegas remote networking fundamentals
2012 ah vegas remote networking fundamentals
 
Creating an 802 1 xv3
Creating an 802 1 xv3Creating an 802 1 xv3
Creating an 802 1 xv3
 
Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2
 
Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
 
2012 ah apj guest access fundamentals
2012 ah apj guest access fundamentals2012 ah apj guest access fundamentals
2012 ah apj guest access fundamentals
 
2012 ah vegas top10 tips from aruba tac
2012 ah vegas top10 tips from aruba tac2012 ah vegas top10 tips from aruba tac
2012 ah vegas top10 tips from aruba tac
 
2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals
 
2012 ah vegas unified access fundamentals
2012 ah vegas unified access fundamentals2012 ah vegas unified access fundamentals
2012 ah vegas unified access fundamentals
 
Guest wlan via gu iv3
Guest wlan via gu iv3Guest wlan via gu iv3
Guest wlan via gu iv3
 
Aruba instant the easy button for wireless gokul rajagopalan
Aruba instant the easy button for wireless gokul rajagopalanAruba instant the easy button for wireless gokul rajagopalan
Aruba instant the easy button for wireless gokul rajagopalan
 
Mac authentication amigopod radius
Mac authentication amigopod radiusMac authentication amigopod radius
Mac authentication amigopod radius
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
 
Hello instant 0612_1a
Hello instant 0612_1aHello instant 0612_1a
Hello instant 0612_1a
 
Do d directives regarding wireless lan
Do d directives regarding wireless lanDo d directives regarding wireless lan
Do d directives regarding wireless lan
 
8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...
 
Gigabit wifi 802.11 ac in depth_peter thornycroft
Gigabit wifi 802.11 ac in depth_peter thornycroftGigabit wifi 802.11 ac in depth_peter thornycroft
Gigabit wifi 802.11 ac in depth_peter thornycroft
 
Aruba networks webinar_wi-fi_without_interruption_sep20_2012
Aruba networks webinar_wi-fi_without_interruption_sep20_2012Aruba networks webinar_wi-fi_without_interruption_sep20_2012
Aruba networks webinar_wi-fi_without_interruption_sep20_2012
 
Aruba webinar dorm wi fi design v4
Aruba webinar dorm wi fi design v4Aruba webinar dorm wi fi design v4
Aruba webinar dorm wi fi design v4
 

Ähnlich wie Rap split tunnelv2

Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Netgear Italia
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Web Werks Data Centers
 
New sap installation post installation
New sap installation post installationNew sap installation post installation
New sap installation post installationdkeerthan
 
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleNetgear Italia
 
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLEWebinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLENetgear Italia
 
Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2Freddy Ortiz
 
How to configure cisco 1242 wireless ap
How to configure cisco 1242 wireless apHow to configure cisco 1242 wireless ap
How to configure cisco 1242 wireless apIT Tech
 
Ip Phone Apps Training
Ip Phone Apps TrainingIp Phone Apps Training
Ip Phone Apps Trainingbhillis1
 
SNC Configuration between Oracle Identity Manager and SAP
SNC Configuration between Oracle Identity Manager and SAPSNC Configuration between Oracle Identity Manager and SAP
SNC Configuration between Oracle Identity Manager and SAPRakesh SHarma
 

Ähnlich wie Rap split tunnelv2 (20)

Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3
 
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
Webinar NETGEAR - Nuovi AP Professionali Prosafe WAC720 e WAC730
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.
 
New sap installation post installation
New sap installation post installationNew sap installation post installation
New sap installation post installation
 
ARPMiner Manual
ARPMiner ManualARPMiner Manual
ARPMiner Manual
 
Aruba instant 6.2.1.0 3.4 release notes
Aruba instant 6.2.1.0 3.4 release notesAruba instant 6.2.1.0 3.4 release notes
Aruba instant 6.2.1.0 3.4 release notes
 
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
 
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLEWebinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
 
Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2Kl 031.30 eng_class_setup_guide_1.2
Kl 031.30 eng_class_setup_guide_1.2
 
Creating an 802 1 xv3
Creating an 802 1 xv3Creating an 802 1 xv3
Creating an 802 1 xv3
 
117641 config-asa-00
117641 config-asa-00117641 config-asa-00
117641 config-asa-00
 
117641 config-asa-00
117641 config-asa-00117641 config-asa-00
117641 config-asa-00
 
Tp link error codes
Tp link error codesTp link error codes
Tp link error codes
 
Kwfsbs67 en-v1
Kwfsbs67 en-v1Kwfsbs67 en-v1
Kwfsbs67 en-v1
 
How to configure cisco 1242 wireless ap
How to configure cisco 1242 wireless apHow to configure cisco 1242 wireless ap
How to configure cisco 1242 wireless ap
 
Tp link extender setup
Tp link extender setupTp link extender setup
Tp link extender setup
 
How to publish your NAS on the Internet?
How to publish your NAS on the Internet?How to publish your NAS on the Internet?
How to publish your NAS on the Internet?
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
 
Ip Phone Apps Training
Ip Phone Apps TrainingIp Phone Apps Training
Ip Phone Apps Training
 
SNC Configuration between Oracle Identity Manager and SAP
SNC Configuration between Oracle Identity Manager and SAPSNC Configuration between Oracle Identity Manager and SAP
SNC Configuration between Oracle Identity Manager and SAP
 

Mehr von Aruba, a Hewlett Packard Enterprise company

Mehr von Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
 
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationEMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
 

Kürzlich hochgeladen

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Kürzlich hochgeladen (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

Rap split tunnelv2

  • 1. RAP split-tunnel (802.1X authentication) Release 6.2.0.0 controller – June 2013 Contents MUST READ - BACKGROUND!.................................................................................................................................................1 Create an internal network ‘netdestination’ ..........................................................................................................................2 Create the RAP User Policy .....................................................................................................................................................2 Create the RAP User Role........................................................................................................................................................3 Create a new RAP AAA server.................................................................................................................................................3 Create the myrap Virtual AP ...................................................................................................................................................4 Edit the myrap Virtual AP........................................................................................................................................................4 Create the RAP AP Group........................................................................................................................................................5 Configure the Controller VPN for RAP Access.........................................................................................................................6 Assign a RAP Address Pool......................................................................................................................................................6 Add the RAP MAC address to the Whitelist............................................................................................................................7 MUST READ - BACKGROUND! This configuration example is based on two previous examples posted: For the Beginner – Configuring an 802.1X WLAN with the Controller GUI For the Beginner - RAP Installation-Basic It is recommended you read and understand the above two examples as well as have your version of the configurations installed on your controller. VLAN’s and IP address in the examples may have changed but the overall process is still valid to follow.
  • 2. Create an internal network ‘netdestination’ The key to split tunnel mode is in the User Policy. It is the User Policy that determines what is forwarded through the tunnel and what is placed on the local network. The netdestination definition should contain all the internal network IP addresses the client can connect to. These are the network destinations you want the RAP to forward via the RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful Firewall > Destinations). In this example the internal networks (netdestination myinternal) are the 172.16.0.0, 192.168.2.0 and 192.168.100.0. Create the RAP User Policy Configuration > Access Control > Policies Use the netdestination alias of the internal network accordingly in the RAP user policy. Note the last rule is source NAT (src-nat). This policy states that if the destination does not match the myinternal rule the traffic will NOT be forwarded to the controller through the VPN connection but ‘src-nat’ from the RAP to the local subnet.
  • 3. Create the RAP User Role Configuration > Access Control > User Roles Configure a RAP user role and add the ‘RAPUser-pol’ policy to it. This is the role the user will be assigned when logging into the RAP wifi and authenticated by the AAA policy (next step). Create a new RAP AAA server Configuration > Authentication > AAA Profiles Create a new RAP AAA Profile and ensure you select in the “802.1X Authenticated default role” the RAPUser-rol role created earlier. When authenticated with this AAA profile the user will be placed in the RAPUser-rol Continue configuration of the new RAP AAA Profile Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the already existing corporate location 802.1X profile (in this example ‘myemployee-1x’)
  • 4. Continue configuration of the new RAP AAA Profile Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username and password will be authenticated against. Select the already existing corporate location server (in this example ‘myemployee-serv’) Create the myRAP Virtual AP Configuration > Advanced Services > All Profiles Add a new virtual AP for the myRAP group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP profile) Edit the myrap Virtual AP Click on and open the new myRAP-vir virtual profile Set the VLAN the RAP User will be placed in, and received DHCP from, and set the Forwarding Mode to ‘split-tunnel’
  • 5. Continue setting up the myrap-vir – the AAA Profile Expand the section AAA Profile and use the pull down to select the previously created new RAP AAA Profile Continue setting up the myRAP-vir – the SSID profile Previously an SSID Profile was created for user authentication at the corporate site (For the Beginner – Configuring an 802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile. Create the RAP AP Group Setup a new AP Group for the RAP’s (if not already completed) “Configuration” > “Wireless” > “AP Configuration” > New Add the new AP Group Name (in this example “myRAP”) Click “Add” to finish and “Save Configuration”
  • 6. Expand the Wireless LAN section Click on the Virtual AP Use the pull down to select the myrap-vir created earlier in this example. Configure the Controller VPN for RAP Access These steps have been included in the example “For the Beginner - RAP Installation-Basic” as well here, if already completed do not duplicate. Go to Configuration > Advanced Services > VPN Services Ensure L2TP is enabled Assign a RAP Address Pool This is the inner IP address used between the controller and RAP for the IPSec tunnel (recommended this is NOT an existing IP address space in the network) After clicking DONE on the IPSEC > Add Address Pool page ensure you “APPLY” the changes at the bottom of the VPN Services page
  • 7. Add the RAP MAC address to the Whitelist Go to “Configuration” > “Wireless” > “AP Installation” Select the “Whitelist” tab and select Entries Then elect “Remote AP” and add the NEW entry Enter the MAC address of the RAP and additional data related to the user and assign to the “RAP” AP Group Click “Add” when completed “Save Configuration” CLI checks and Troubleshooting is included in the original “For the Beginner - RAP Installation-Basic” document