Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Host Name
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing the W-IAP Installation Mode
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- IPv6 Support
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Configuring Modulation Rates on a WLAN SSID
- Multi-User-MIMO
- Management Frame Protection
- Disabling Short Preamble for Wireless Client
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- Configuring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Enabling 802.1X Supplicant Support
- Configuring MAC Authentication for a Network Profile
- Configuring MAC Authentication with 802.1X Authentication
- Configuring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- DHCP Configuration
- Configuring Time-Based Services
- Dynamic DNS Registration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- Configuring AirGroup
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Managing BLE Beacons
- Clarity Live
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API Interface
- CALEA Integration and Lawful Intercept Compliance
- Cluster Security
- W-IAP Management and Monitoring
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Acronyms and Abbreviations
227 | VPN Configuration Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide
6. Click Next to create routing profiles. When the IPsec tunnel configuration is completed, the packets that are
sent from and received by a W-IAP are encrypted.
In the CLI
To configure an IPsec VPN tunnel:
(Instant AP)(config)# vpn primary <name>
(Instant AP)(config)# vpn backup <name>
(Instant AP)(config)# vpn fast-failover
(Instant AP)(config)# vpn hold-time <seconds>
(Instant AP)(config)# vpn preemption
(Instant AP)(config)# vpn monitor-pkt-send-freq <frequency>
(Instant AP)(config)# vpn monitor-pkt-lost-cnt <count>
(Instant AP)(config)# vpn reconnect-user-on-failover
(Instant AP)(config)# vpn reconnect-time-on-failover <down_time>
(Instant AP)(config)# end
(Instant AP)# commit apply
Example
(Instant AP)(config)# vpn primary 192.0.2.18
(Instant AP)(config)# vpn backup 192.0.2.20
(Instant AP)(config)# vpn fast-failover
(Instant AP)(config)# vpn preemption
(Instant AP)(config)# ip dhcp distl2
(Instant AP)(DHCP Profile "distL2")# server-type Distributed,L2
(Instant AP)(DHCP Profile "distL2")# server-vlan 2
(Instant AP)(DHCP Profile "distL2")# ip-range 10.15.205.0 10.15.205.255
(Instant AP)(DHCP Profile "distL2")# subnet-mask 255.255.255.0
(Instant AP)(DHCP Profile "distL2")# lease-time 86400
(Instant AP)(DHCP Profile "distL2")# default-router 10.15.205.254
(Instant AP)(DHCP Profile "distL2")# dns-server 10.13.6.110,10.1.1.50
(Instant AP)(DHCP Profile "distL2")# domain-name dell.com
(Instant AP)(DHCP Profile "distL2")# client-count 5
(Instant AP)(config)# ip dhcp local
(Instant AP)(DHCP Profile "local")# server-type Local
(Instant AP)(DHCP Profile "local")# server-vlan 200
(Instant AP)(DHCP Profile "local")# subnet 172.16.200.1
(Instant AP)(DHCP Profile "local")# subnet-mask 255.255.255.0
(Instant AP)(DHCP Profile "local")# lease-time 86400
(Instant AP)(DHCP Profile "local")# dns-server 10.13.6.110,10.1.1.50
(Instant AP)(DHCP Profile "local")# domain-name dell.com
To view the VPN configuration:
(Instant AP)# show vpn config
Configuring an L2-GRETunnel
This section describes the following procedures:
l Configuring Manual GRE Parameters
l Configuring Aruba GRE Parameters
Configuring Manual GRE Parameters
You can configure a GRE tunnel between the W-IAP and the controller using either the VC IP or the W-IAP IP,
based on the following W-IAP settings:
l If a VC IP is configured and if Per-AP tunnel is disabled, use VC IP.
l If a VC IP is not configured or if Per-AP tunnel is enabled, use the W-IAP IP.