For IAP-VPN operations, ensure that the following configuration and verification procedures are completed on
the controller:
l
l
l
l
This section describes the configuration procedures for the controller to realize generic use cases. For
information on specific deployment scenarios, see
IAP-VPN Deployment Scenarios on page 396
ArubaOS 6.3 or later version is recommended the controllers with IAP-VPN configuration. The IAP-VPN
configuration is not supported on 600 Series controllers.
OSPF Configuration
Open Shortest Path First (OSPF) is a dynamic Interior Gateway routing Protocol (IGP) based on IETF RFC 2328.
The premise of OSPF is that the shortest or fastest routing path is used. The implementation of OSPFv2 allows
controllers to deploy effectively in a Layer 3 topology. The controllers can act as the default gateway for all
clients and forward user packets to the upstream router.
Each IAP-VPN can be defined a separate subnet derived from the corporate intranet pool to allow IAP-VPN
devices to work independently. For sample topology and configuration, refer to the
ArubaOS 6.5 User Guide
.
To redistribute IAP-VPN routes into the OSPF process:
(Instant AP)(config) # router ospf redistribute rapng-vpn
To verify if the redistribution of the IAP-VPN is enabled:
(host) #show ip ospf redistribute
To configure aggregate route for IAP-VPN routes:
(Instant AP) (config) # router ospf aggregate-route rapng-vpn
To view the aggregated routes for IAP-VPN routes:
(Instant AP) #show ip ospf rapng-vpn aggregate-routes
RAPNG VPN aggregate routes
--------------------------
Prefix Mask Contributing routes Cost
------ ---- ------------------- ----
201.201.200.0 255.255.252.0 5 268779624
100.100.2.0 255.255.255.0 1 10
To verify the details of a configured aggregated route:
(Instant AP) # show ip ospf rapng-vpn aggregated-routes <net> <mask>
(Instant AP) # show ip ospf rapng-vpn aggregate-routes 100.100.2.0 255.255.255.0
Contributing routes of RAPNG VPN aggregate route
------------------------------------------------
Prefix Mask Next-Hop Cost
------ ---- -------- ----
100.100.2.64 255.255.255.224 5.5.0.10 10
To view all the redistributed routes:
(Instant AP)# show ip ospf database
OSPF Database Table
-------------------
Area ID
LSA Type
Link ID
Adv Router
Age
Seq#
Checksum
-------
--------
-------
----------
---
----
--------
0.0.0.15
ROUTER
9.9.9.9
9.9.9.9
159
0x80000016
0xee92
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
IAP-VPN Deployment |
248