RAP split-tunnel (802.1X authentication)
Release 6.2.0.0 controller – June 2013
Contents
MUST READ - BACKGROUND!
Create an internal network ‘netdestination’
Create the RAP User Policy
Create the RAP User Role
Create a new RAP AAA server
Create the myrap Virtual AP
Edit the myrap Virtual AP
Create the RAP AP Group
Configure the Controller VPN for RAP Access
Assign a RAP Address Pool
Add the RAP MAC address to the Whitelist
MUST READ - BACKGROUND!
This configuration example is based on two previous examples posted:
For the Beginner – Configuring an 802.1X WLAN with the Controller GUI
For the Beginner - RAP Installation-Basic
It is recommended that you read and understand the above two examples and have your version of those configurations
installed on your controller. VLANs and IP addresses in the examples may have changed, but the overall process is still
valid to follow.
Create an internal network ‘netdestination’
The key to split tunnel mode is in the User Policy. It is the User Policy that determines what is forwarded through the
tunnel and what is placed on the local network. The netdestination definition should contain all the internal network IP
addresses the client can connect to. These are the network destinations you want the RAP to forward via the
RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful
Firewall > Destinations).
In this example the internal networks (netdestination myinternal) are 172.16.0.0, 192.168.2.0 and 192.168.100.0.
Create the RAP User Policy
Configuration > Access Control > Policies
Use the netdestination alias of the internal network in the RAP user policy. Note that the last rule is source NAT
(src-nat). This policy states that if the destination does not match the myinternal rule, the traffic will NOT be
forwarded to the controller through the VPN connection but is instead source-NATed (‘src-nat’) by the RAP onto the
local subnet.
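The forwarding decision this policy makes, modelled as an added Python example (not part of the original document and not ArubaOS code). The prefix lengths for the myinternal networks and the CORPORATE list are assumptions; the page gives only the network addresses. The `uncovered` check shows which corporate ranges would fall through to the src-nat rule and leave via the local network instead of the tunnel.

```python
import ipaddress

# Networks in the 'myinternal' netdestination. The page gives only the network
# addresses; the prefix lengths below are ASSUMED for this example.
MYINTERNAL = [ipaddress.ip_network(n) for n in
              ("172.16.0.0/16", "192.168.2.0/24", "192.168.100.0/24")]

ALIASES = {"myinternal": MYINTERNAL}

# Ordered model of the RAPUser-pol rules as the text describes them: traffic to
# the alias goes through the tunnel, and the last rule source-NATs the rest.
# "tunnel" is a label used by this model, not an ArubaOS keyword.
RAPUSER_POL = [
    ("myinternal", "tunnel"),
    ("any", "src-nat"),
]


def decide(dst, rules=RAPUSER_POL, aliases=ALIASES):
    """Return the action of the first rule whose destination matches dst."""
    addr = ipaddress.ip_address(dst)
    for dest, action in rules:
        if dest == "any" or any(addr in net for net in aliases[dest]):
            return action
    return "deny"  # assumed outcome of this model when no rule matches


def uncovered(corporate, alias_nets=MYINTERNAL):
    """Return the parts of the corporate prefixes that the alias does not cover.

    Anything returned here would match the final src-nat rule and be placed
    on the remote site's local network rather than sent to the controller.
    """
    gaps = []
    for prefix in corporate:
        remaining = [ipaddress.ip_network(prefix)]
        for hole in alias_nets:
            nxt = []
            for net in remaining:
                if net.version != hole.version or not net.overlaps(hole):
                    nxt.append(net)          # alias entry is unrelated
                elif net.subnet_of(hole):
                    continue                 # fully covered by the alias
                else:
                    # alias entry sits inside this prefix: keep the rest
                    nxt.extend(net.address_exclude(hole))
            remaining = nxt
        gaps.extend(remaining)
    return sorted(gaps, key=lambda n: (n.version, n))


if __name__ == "__main__":
    # Constructed list of prefixes an organisation considers internal.
    CORPORATE = ["172.16.0.0/16", "192.168.2.0/23",
                 "192.168.100.0/24", "10.20.0.0/16"]

    # Constructed sample destinations.
    for dst in ("172.16.5.10", "192.168.3.9", "10.20.1.1", "203.0.113.10"):
        print(f"{dst:15} -> {decide(dst)}")

    for gap in uncovered(CORPORATE):
        print(f"not in myinternal, will be src-nat'ed locally: {gap}")
```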
Create the RAP User Role
Configuration > Access Control > User Roles
Configure a RAP user role and add the ‘RAPUser-pol’ policy to it. This is the role the user will be assigned when logging
into the RAP Wi-Fi and being authenticated by the AAA policy (next step).
Create a new RAP AAA server
Configuration > Authentication > AAA Profiles
Create a new RAP AAA Profile and ensure that under “802.1X Authenticated default role” you select the RAPUser-rol role
created earlier. When authenticated with this AAA profile, the user will be placed in the RAPUser-rol role.
Continue configuration of the new RAP AAA Profile
Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the already existing corporate
location 802.1X profile (in this example ‘myemployee-1x’).
Continue configuration of the new RAP AAA Profile
Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username
and password will be authenticated against. Select the already existing corporate location server (in this example
‘myemployee-serv’).
Create the myRAP Virtual AP
Configuration > Advanced Services > All Profiles
Add a new virtual AP for the myRAP group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP
profile).
Edit the myrap Virtual AP
Click on and open the new myRAP-vir virtual profile.
Set the VLAN the RAP User will be placed in, and receive DHCP from, and set the Forwarding Mode to ‘split-tunnel’.
Continue setting up the myrap-vir – the AAA Profile
Expand the AAA Profile section and use the pull-down to select the previously created new RAP AAA Profile.
Continue setting up the myRAP-vir – the SSID profile
Previously an SSID Profile was created for user authentication at the corporate site (For the Beginner – Configuring an
802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile.
Create the RAP AP Group
Set up a new AP Group for the RAPs (if not already completed).
“Configuration” > “Wireless” > “AP Configuration” > New
Add the new AP Group Name (in this example “myRAP”).
Click “Add” to finish and “Save Configuration”.
Expand the Wireless LAN section
Click on the Virtual AP
Use the pull-down to select the myrap-vir created earlier in this example.
Configure the Controller VPN for RAP Access
These steps are included in the example “For the Beginner - RAP Installation-Basic” as
well as here; if already completed, do not duplicate them.
Go to Configuration > Advanced Services > VPN Services
Ensure L2TP is enabled
Assign a RAP Address Pool
This is the inner IP address used between the controller and RAP for the IPSec tunnel (it is recommended that this is
NOT an existing IP address space in the network).
After clicking DONE on the IPSEC > Add Address Pool page, ensure you “APPLY” the changes at the bottom of the VPN
Services page.
Add the RAP MAC address to the Whitelist
Go to “Configuration” > “Wireless” > “AP Installation”
Select the “Whitelist” tab and select Entries
Then select “Remote AP” and add the NEW entry
Enter the MAC address of the RAP and additional data related to the user, and assign it to the “RAP” AP Group
Click “Add” when completed
“Save Configuration”
CLI checks and troubleshooting are included in the original “For the Beginner - RAP Installation-Basic” document.

Rap split tunnelv2

  • 1. RAP split-tunnel (802.1X authentication) Release 6.2.0.0 controller – June 2013 Contents MUST READ - BACKGROUND!.................................................................................................................................................1 Create an internal network ‘netdestination’ ..........................................................................................................................2 Create the RAP User Policy .....................................................................................................................................................2 Create the RAP User Role........................................................................................................................................................3 Create a new RAP AAA server.................................................................................................................................................3 Create the myrap Virtual AP ...................................................................................................................................................4 Edit the myrap Virtual AP........................................................................................................................................................4 Create the RAP AP Group........................................................................................................................................................5 Configure the Controller VPN for RAP Access.........................................................................................................................6 Assign a RAP Address Pool......................................................................................................................................................6 Add the RAP MAC address to the 
Whitelist............................................................................................................................7 MUST READ - BACKGROUND! This configuration example is based on two previous examples posted: For the Beginner – Configuring an 802.1X WLAN with the Controller GUI For the Beginner - RAP Installation-Basic It is recommended you read and understand the above two examples as well as have your version of the configurations installed on your controller. VLAN’s and IP address in the examples may have changed but the overall process is still valid to follow.
  • 2. Create an internal network ‘netdestination’ The key to split tunnel mode is in the User Policy. It is the User Policy that determines what is forwarded through the tunnel and what is placed on the local network. The netdestination definition should contain all the internal network IP addresses the client can connect to. These are the network destinations you want the RAP to forward via the RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful Firewall > Destinations). In this example the internal networks (netdestination myinternal) are the 172.16.0.0, 192.168.2.0 and 192.168.100.0. Create the RAP User Policy Configuration > Access Control > Policies Use the netdestination alias of the internal network accordingly in the RAP user policy. Note the last rule is source NAT (src-nat). This policy states that if the destination does not match the myinternal rule the traffic will NOT be forwarded to the controller through the VPN connection but ‘src-nat’ from the RAP to the local subnet.
  • 3. Create the RAP User Role
    Configuration > Access Control > User Roles
    Configure a RAP user role and add the ‘RAPUser-pol’ policy to it. This is the role the user is assigned after logging in to the RAP Wi-Fi and being authenticated by the AAA policy (next step).

    Create a new RAP AAA server
    Configuration > Authentication > AAA Profiles
    Create a new RAP AAA Profile and, under “802.1X Authenticated default role”, select the RAPUser-rol role created earlier. When authenticated with this AAA profile, the user is placed in the RAPUser-rol role.

    Continue configuration of the new RAP AAA Profile
    Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the existing corporate-location 802.1X profile (in this example ‘myemployee-1x’).
  • 4. Continue configuration of the new RAP AAA Profile
    Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username and password will be authenticated against. Select the existing corporate-location server (in this example ‘myemployee-serv’).

    Create the myRAP Virtual AP
    Configuration > Advanced Services > All Profiles
    Add a new virtual AP for the myRAP group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP profile).

    Edit the myrap Virtual AP
    Click on and open the new myRAP-vir virtual profile. Set the VLAN the RAP user will be placed in and receive DHCP from, and set the Forwarding Mode to ‘split-tunnel’.
  • 5. Continue setting up the myrap-vir – the AAA Profile
    Expand the AAA Profile section and use the pull-down to select the new RAP AAA Profile created previously.

    Continue setting up the myRAP-vir – the SSID profile
    An SSID Profile was previously created for user authentication at the corporate site (For the Beginner – Configuring an 802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile.

    Create the RAP AP Group
    Set up a new AP Group for the RAPs (if not already completed):
    “Configuration” > “Wireless” > “AP Configuration” > New
    Add the new AP Group Name (in this example “myRAP”).
    Click “Add” to finish, then “Save Configuration”.
  • 6. Expand the Wireless LAN section
    Click on the Virtual AP.
    Use the pull-down to select the myrap-vir created earlier in this example.

    Configure the Controller VPN for RAP Access
    These steps are also included in the example “For the Beginner - RAP Installation-Basic”; if you have already completed them, do not duplicate them.
    Go to Configuration > Advanced Services > VPN Services
    Ensure L2TP is enabled.

    Assign a RAP Address Pool
    This is the inner IP address used between the controller and the RAP for the IPSec tunnel (it is recommended that this is NOT an existing IP address space in the network).
    After clicking DONE on the IPSEC > Add Address Pool page, ensure you “APPLY” the changes at the bottom of the VPN Services page.
  • 7. Add the RAP MAC address to the Whitelist
    Go to “Configuration” > “Wireless” > “AP Installation”
    Select the “Whitelist” tab and select Entries.
    Then select “Remote AP” and add the NEW entry.
    Enter the MAC address of the RAP and additional data related to the user, and assign it to the “RAP” AP Group.
    Click “Add” when completed, then “Save Configuration”.

    CLI checks and troubleshooting are included in the original “For the Beginner - RAP Installation-Basic” document.