RAP split-tunnel (802.1X authentication)
Release 6.2.0.0 controller – June 2013
Contents
MUST READ - BACKGROUND!
Create an internal network ‘netdestination’
Create the RAP User Policy
Create the RAP User Role
Create a new RAP AAA server
Create the myrap Virtual AP
Edit the myrap Virtual AP
Create the RAP AP Group
Configure the Controller VPN for RAP Access
Assign a RAP Address Pool
Add the RAP MAC address to the Whitelist
MUST READ - BACKGROUND!
This configuration example is based on two previous examples posted:
For the Beginner – Configuring an 802.1X WLAN with the Controller GUI
For the Beginner - RAP Installation-Basic
It is recommended that you read and understand the above two examples and have your version of those configurations
installed on your controller. VLANs and IP addresses in the examples may have changed, but the overall process is still
valid to follow.
Create an internal network ‘netdestination’
The key to split tunnel mode is in the User Policy. It is the User Policy that determines what is forwarded through the
tunnel and what is placed on the local network. The netdestination definition should contain all the internal network IP
addresses the client can connect to. These are the network destinations you want the RAP to forward via the
RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful
Firewall > Destinations).
In this example the internal networks (netdestination myinternal) are 172.16.0.0, 192.168.2.0 and 192.168.100.0.
Create the RAP User Policy
Configuration > Access Control > Policies
Use the netdestination alias of the internal network in the RAP user policy. Note that the last rule is source NAT
(src-nat). This policy states that if the destination does not match the myinternal rule, the traffic will NOT be forwarded
to the controller through the VPN connection but will instead be source-NATed (‘src-nat’) by the RAP onto the local subnet.
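The forwarding decision this policy makes can be checked offline before the policy is applied. The Python sketch below is an added example, not part of the original guide or of ArubaOS; the prefix lengths, the sample destinations and the function names are assumptions, and the two-rule model covers only what the text above describes.

```python
import ipaddress

# netdestination 'myinternal' from this example. The guide lists only the
# network addresses; the prefix lengths here are ASSUMPTIONS.
NETDESTINATIONS = {
    "myinternal": [
        ipaddress.ip_network("172.16.0.0/16"),
        ipaddress.ip_network("192.168.2.0/24"),
        ipaddress.ip_network("192.168.100.0/24"),
    ]
}

# Ordered model of RAPUser-pol as (destination, action); "any" matches all.
RAP_USER_POL = [
    ("myinternal", "tunnel"),  # forwarded over the RAP/controller VPN tunnel
    ("any", "src-nat"),        # last rule: source NAT onto the local subnet
]


def matches(dest, ip):
    """True if ip falls inside the named netdestination (or dest is 'any')."""
    if dest == "any":
        return True
    return any(ip in net for net in NETDESTINATIONS[dest])


def forwarding_decision(dst, policy=RAP_USER_POL):
    """First matching rule wins; the model denies traffic no rule matches."""
    ip = ipaddress.ip_address(dst)
    for dest, action in policy:
        if matches(dest, ip):
            return action
    return "deny"


def bypasses_tunnel(destinations, policy=RAP_USER_POL):
    """Destinations that would NOT be sent to the main site through the VPN."""
    return [d for d in destinations if forwarding_decision(d, policy) != "tunnel"]


def shadowed_rules(policy=RAP_USER_POL):
    """Rules placed after an 'any' rule can never match: an ordering mistake."""
    shadowed, seen_any = [], False
    for dest, action in policy:
        if seen_any:
            shadowed.append((dest, action))
        if dest == "any":
            seen_any = True
    return shadowed


# Constructed sample destinations (not taken from the guide).
SAMPLE_DESTINATIONS = [
    "172.16.5.10",     # inside myinternal
    "192.168.2.20",    # inside myinternal
    "192.168.100.7",   # inside myinternal
    "192.168.3.20",    # adjacent subnet that is not listed in myinternal
    "198.51.100.25",   # external address (documentation range)
]

if __name__ == "__main__":
    for dst in SAMPLE_DESTINATIONS:
        print(f"{dst:15} -> {forwarding_decision(dst)}")
    print("bypass tunnel:", bypasses_tunnel(SAMPLE_DESTINATIONS))
    # Same rules with src-nat first: every internal destination leaks locally.
    misordered = list(reversed(RAP_USER_POL))
    print("shadowed when misordered:", shadowed_rules(misordered))
```

Any internal subnet missing from myinternal shows up in the bypass list, which is the traffic that would leave through the remote site's local network instead of the tunnel.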
Create the RAP User Role
Configuration > Access Control > User Roles
Configure a RAP user role and add the ‘RAPUser-pol’ policy to it. This is the role the user will be assigned when logging
into the RAP wifi and authenticated by the AAA policy (next step).
Create a new RAP AAA server
Configuration > Authentication > AAA Profiles
Create a new RAP AAA Profile and ensure that, under “802.1X Authenticated default role”, you select the RAPUser-rol role
created earlier. When authenticated with this AAA profile, the user will be placed in the RAPUser-rol role.
Continue configuration of the new RAP AAA Profile
Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the already existing corporate
location 802.1X profile (in this example ‘myemployee-1x’)
Continue configuration of the new RAP AAA Profile
Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username
and password will be authenticated against. Select the already existing corporate location server (in this example
‘myemployee-serv’)
Create the myRAP Virtual AP
Configuration > Advanced Services > All Profiles
Add a new virtual AP for the myRAP group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP
profile)
Edit the myrap Virtual AP
Click on and open the new myRAP-vir virtual profile
Set the VLAN the RAP User will be placed in, and receive DHCP from, and set the Forwarding Mode to ‘split-tunnel’.
Continue setting up the myrap-vir – the AAA Profile
Expand the section AAA Profile and use the pull down to select the previously created new RAP AAA Profile
Continue setting up the myRAP-vir – the SSID profile
Previously an SSID Profile was created for user authentication at the corporate site (For the Beginner – Configuring an
802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile.
Create the RAP AP Group
Set up a new AP Group for the RAPs (if not already completed)
“Configuration” > “Wireless” > “AP Configuration” > New
Add the new AP Group Name (in this example “myRAP”)
Click “Add” to finish and “Save Configuration”
Expand the Wireless LAN section
Click on the Virtual AP
Use the pull down to select the myrap-vir created earlier in this example.
Configure the Controller VPN for RAP Access
These steps are included in the example “For the Beginner - RAP Installation-Basic” as
well as here; if already completed, do not duplicate them.
Go to Configuration > Advanced Services > VPN Services
Ensure L2TP is enabled
Assign a RAP Address Pool
This is the inner IP address used between the controller and RAP for the IPSec tunnel (it is recommended that this is NOT
an existing IP address space in the network).
After clicking DONE on the IPSEC > Add Address Pool page ensure you “APPLY” the changes at the bottom of the VPN
Services page
Add the RAP MAC address to the Whitelist
Go to “Configuration” > “Wireless” > “AP Installation”
Select the “Whitelist” tab and select Entries
Then select “Remote AP” and add the NEW entry
Enter the MAC address of the RAP and additional data related to the user and assign to the “RAP” AP Group
Click “Add” when completed
“Save Configuration”
CLI checks and troubleshooting are included in the original “For the Beginner - RAP Installation-Basic” document.

 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Rap split tunnelv2

  • 1. RAP split-tunnel (802.1X authentication)
Release 6.2.0.0 controller – June 2013

MUST READ - BACKGROUND!

This configuration example is based on two previously posted examples:

For the Beginner – Configuring an 802.1X WLAN with the Controller GUI
For the Beginner - RAP Installation-Basic

It is recommended that you read and understand the above two examples and have your version of those configurations installed on your controller. VLANs and IP addresses in the examples may have changed, but the overall process is still valid to follow.
  • 2. Create an internal network ‘netdestination’

The key to split-tunnel mode is the User Policy. It is the User Policy that determines what is forwarded through the tunnel and what is placed on the local network.

The netdestination definition should contain all the internal network IP addresses the client can connect to. These are the network destinations you want the RAP to forward via the RAP/Controller VPN tunnel to the main site. This can be done with the CLI (shown) or the GUI (Configuration > Stateful Firewall > Destinations).

In this example the internal networks (netdestination myinternal) are 172.16.0.0, 192.168.2.0 and 192.168.100.0.

Create the RAP User Policy

Configuration > Access Control > Policies

Use the netdestination alias of the internal network in the RAP user policy. Note that the last rule is source NAT (src-nat). This policy states that if the destination does not match the myinternal rule, the traffic will NOT be forwarded to the controller through the VPN connection but will instead be source-NATed (‘src-nat’) by the RAP onto the local subnet.
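A CLI sketch of the netdestination and user policy described above, added here as an illustration and not taken from the original slides. The subnet masks and the DHCP rule are assumptions (the page gives only the network addresses and the final src-nat rule); the policy name RAPUser-pol is the one used in the next step.

```text
! Added example; lines beginning with "!" are reader annotations.
! Masks are assumed: the page lists only the network addresses.
netdestination myinternal
  network 172.16.0.0 255.255.0.0
  network 192.168.2.0 255.255.255.0
  network 192.168.100.0 255.255.255.0
!
! Rules are evaluated top-down and the first match wins.
ip access-list session RAPUser-pol
  ! Assumed rule: let clients obtain DHCP leases through the tunnel.
  any any svc-dhcp permit
  ! Traffic to and from the internal networks is forwarded over the tunnel.
  user alias myinternal any permit
  alias myinternal user any permit
  ! Last rule: everything else is source-NATed by the RAP onto the local subnet.
  user any any route src-nat
!
```

Any internal subnet missing from myinternal falls through to the last rule and leaves via the local network instead of the tunnel, so keep the alias complete.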
  • 3. Create the RAP User Role

Configuration > Access Control > User Roles

Configure a RAP user role and add the ‘RAPUser-pol’ policy to it. This is the role the user will be assigned when logging into the RAP Wi-Fi and authenticated by the AAA policy (next step).

Create a new RAP AAA server

Configuration > Authentication > AAA Profiles

Create a new RAP AAA Profile and ensure that, in the “802.1X Authenticated default role” field, you select the RAPUser-rol role created earlier. When authenticated with this AAA profile, the user will be placed in the RAPUser-rol role.

Continue configuration of the new RAP AAA Profile

Select and expand the 802.1X Authentication section of the new RAP AAA profile. Select the already existing corporate location 802.1X profile (in this example ‘myemployee-1x’).
  • 4. Continue configuration of the new RAP AAA Profile

Select and expand the 802.1X Authentication Server Group of the new RAP AAA profile. This is the server the username and password will be authenticated against. Select the already existing corporate location server (in this example ‘myemployee-serv’).

Create the myRAP Virtual AP

Configuration > Advanced Services > All Profiles

Add a new virtual AP for the myRAP group (Advanced Services > All Profile Management > Wireless LAN > Virtual AP profile).

Edit the myrap Virtual AP

Click on and open the new myRAP-vir virtual profile. Set the VLAN the RAP user will be placed in and receive DHCP from, and set the Forwarding Mode to ‘split-tunnel’.
  • 5. Continue setting up the myrap-vir – the AAA Profile

Expand the AAA Profile section and use the pull-down to select the previously created new RAP AAA Profile.

Continue setting up the myRAP-vir – the SSID profile

Previously an SSID Profile was created for user authentication at the corporate site (For the Beginner – Configuring an 802.1X WLAN with the Controller GUI). We will reuse this SSID for the RAP Virtual AP profile.

Create the RAP AP Group

Set up a new AP Group for the RAPs (if not already completed):

“Configuration” > “Wireless” > “AP Configuration” > New
Add the new AP Group Name (in this example “myRAP”)
Click “Add” to finish and “Save Configuration”
  • 6. Expand the Wireless LAN section

Click on the Virtual AP
Use the pull-down to select the myrap-vir created earlier in this example.

Configure the Controller VPN for RAP Access

These steps are included in the example “For the Beginner - RAP Installation-Basic” as well as here; if already completed, do not duplicate them.

Go to Configuration > Advanced Services > VPN Services
Ensure L2TP is enabled

Assign a RAP Address Pool

This is the inner IP address used between the controller and RAP for the IPSec tunnel (it is recommended that this is NOT an existing IP address space in the network).

After clicking DONE on the IPSEC > Add Address Pool page, ensure you “APPLY” the changes at the bottom of the VPN Services page.
  • 7. Add the RAP MAC address to the Whitelist

Go to “Configuration” > “Wireless” > “AP Installation”
Select the “Whitelist” tab and select Entries
Then select “Remote AP” and add the NEW entry
Enter the MAC address of the RAP and additional data related to the user, and assign it to the “RAP” AP Group
Click “Add” when completed
“Save Configuration”

CLI checks and troubleshooting are included in the original “For the Beginner - RAP Installation-Basic” document.