Configuration Steps | CLI Commands | UI Procedure
1. Configure the primary host for VPN with the Public VRRP IP address of the controller.
(Instant AP)(config)# vpn primary <public VRRP IP of controller>
See
2. Configure a routing profile to tunnel all 10.0.0.0/8 subnet traffic to the controller.
(Instant AP)(config)# routing-profile
(Instant AP)(routing-profile)# route 10.0.0.0 255.0.0.0 <public VRRP IP of controller>
See
3. Configure Enterprise DNS for split DNS. The example uses a specific enterprise domain so that only DNS queries matching that domain are tunneled to corporate.
(Instant AP)(config)# internal-domains
(Instant AP)(domains)# domain-name corpdomain.com
See
4. Configure Centralized, L2 and Distributed, L3 DHCP scopes with VLAN 20 and VLAN 30, respectively.
Centralized, L2 profile
(Instant AP)(config)# ip dhcp l2-dhcp
(Instant AP)(DHCP Profile "l2-dhcp")# server-type Centralized,L2
(Instant AP)(DHCP Profile "l2-dhcp")# server-vlan 20
Distributed, L3 profile
(Instant AP)(config)# ip dhcp l3-dhcp
(Instant AP)(DHCP Profile "l3-dhcp")# server-type Distributed,L3
(Instant AP)(DHCP Profile "l3-dhcp")# server-vlan 30
(Instant AP)(DHCP Profile "l3-dhcp")# ip-range 10.30.0.0 10.30.255.255
(Instant AP)(DHCP Profile "l3-dhcp")# dns-server 10.1.1.50,10.1.1.30
(Instant AP)(DHCP Profile "l3-dhcp")# domain-name corpdomain.com
(Instant AP)(DHCP Profile "l3-dhcp")# client-count 200
NOTE: The IP range configuration on each branch will be the same. Each IAP will derive a smaller subnet based on the client count scope using the Branch ID (BID) allocated by the controller.
See Configuring Centralized DHCP Scopes and Configuring Distributed DHCP Scopes
5. Create authentication servers for user authentication. The example assumes an 802.1X SSID.
(Instant AP)(config)# wlan auth-server server1
(Instant AP)(Auth Server "server1")# ip 10.2.2.1
(Instant AP)(Auth Server "server1")# port 1812
(Instant AP)(Auth Server "server1")# acctport 1813
(Instant AP)(Auth Server "server1")# key "presharedkey"
(Instant AP)(Auth Server "server1")# exit
(Instant AP)(config)# wlan auth-server server2
(Instant AP)(Auth Server "server2")# ip 10.2.2.2
(Instant AP)(Auth Server "server2")# port 1812
See Configuring an External Server for Authentication
Table 84: IAP Configuration for Scenario 1—IPsec: Single Datacenter Deployment with No Redundancy
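
An added example, not part of the Aruba guide: a Python check that the RADIUS servers, the DHCP DNS servers and the Distributed, L3 range from Table 84 all fall inside a destination that the routing profile tunnels to the controller. The prompt parsing is a simplified assumption about the CLI text shown in the table, and the sample input is constructed from the table's commands with 192.0.2.10 as a placeholder for the controller's public VRRP IP.

```python
import ipaddress
import re

# Constructed sample: CLI lines taken from Table 84, with 192.0.2.10 as a
# placeholder for <public VRRP IP of controller>.
SAMPLE = '''\
(Instant AP)(config)# routing-profile
(Instant AP)(routing-profile)# route 10.0.0.0 255.0.0.0 192.0.2.10
(Instant AP)(config)# ip dhcp l3-dhcp
(Instant AP)(DHCP Profile "l3-dhcp")# ip-range 10.30.0.0 10.30.255.255
(Instant AP)(DHCP Profile "l3-dhcp")# dns-server 10.1.1.50,10.1.1.30
(Instant AP)(config)# wlan auth-server server1
(Instant AP)(Auth Server "server1")# ip 10.2.2.1
(Instant AP)(config)# wlan auth-server server2
(Instant AP)(Auth Server "server2")# ip 10.2.2.2
'''

# Splits "(Instant AP)(<context>)# <command>" into context and command.
PROMPT = re.compile(r'^\(Instant AP\)\s*\((.*?)\)#\s*(.*)$')

def parse(text):
    """Return (tunneled networks, [(label, address)]) from CLI text."""
    routes, targets = [], []
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        ctx, args = m.group(1), m.group(2).split()
        if len(args) < 2:
            continue
        if ctx == 'routing-profile' and args[0] == 'route' and len(args) >= 3:
            routes.append(ipaddress.ip_network(f'{args[1]}/{args[2]}', strict=False))
        elif ctx.startswith('Auth Server') and args[0] == 'ip':
            name = ctx.split('"')[1]
            targets.append((f'RADIUS {name}', args[1]))
        elif ctx.startswith('DHCP Profile') and args[0] == 'dns-server':
            targets += [('DHCP DNS server', ip) for ip in args[1].split(',')]
        elif ctx.startswith('DHCP Profile') and args[0] == 'ip-range' and len(args) >= 3:
            targets += [('DHCP range start', args[1]), ('DHCP range end', args[2])]
    return routes, targets

def untunneled(text):
    """List the (label, address) pairs that no routing-profile route covers."""
    routes, targets = parse(text)
    return [(label, ip) for label, ip in targets
            if not any(ipaddress.ip_address(ip) in net for net in routes)]

if __name__ == '__main__':
    for label, ip in untunneled(SAMPLE):
        print(f'NOT TUNNELED: {label} {ip}')
```

With the 10.0.0.0/8 route from step 2 every address in the table is covered; narrowing that route is what makes the RADIUS and DNS servers show up in the result.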
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
IAP-VPN Deployment Scenarios |