Aruba Remote AP - Adding a RAP to the Controller Using the Whitelist Method
This guide walks you step by step through configuring an Aruba Remote AP (RAP).
The Aruba MC and the remote AP are both behind firewalls that use NAT when accessing the
internet.
1. Log in to the MC
2. Go to Configuration -> Advanced Services -> VPN Services -> IPSEC
3. Under Address Pools click Add
4. Configure an address pool for remote APs:
10. In this profile make sure that the LMS IP address is the MC external IP:
11. Now go to Configuration -> Wireless -> AP Installation -> Whitelist, click on Remote AP
and then click on Entries:
12. Add the MAC address of the remote AP to the MC localdb, choose the newly created
AP group (KS-RAP), and click Add:
Next, configure the remote AP. Connect to the RAP using a console cable:
1. Press Enter to stop the autoboot process
2. Type setenv remote_ap 1
3. Type setenv master 10.0.0.1
4. Type setenv serverip 10.0.0.1
5. Type saveenv
6. Type boot
NAT Traversal
Because the firewalls are doing NAT, we have to use NAT traversal (UDP port 4500) to
allow traffic between the MC and the RAP.
On firewall #1 we need to configure static NAT with port forwarding and allow UDP port
4500 to the MC (outside to inside), while on firewall #2 we need to configure a policy that
allows the remote AP outbound access to UDP port 4500.
Each firewall/router configuration is different, and it is outside the scope of this post.
Remote AP Authentication
In this example I'm using certificate-based authentication, where the RAP uses its
factory-based certificate and the MC authenticates the RAP MAC address against the localdb.
This way we can pre-provision an AP that has never been connected to the MC before.
We can also use IPsec PSK, but this requires the RAP to be connected to the MC as a campus
AP prior to conversion to RAP.