Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 304/305 Access Points

381

382

383

384

385

386

387

388

389

390

Configuration Steps CLI Commands UI Procedure

1. Configure the primary

host for VPN with the

Public VRRP IP address of

the controller.

(ap)(config)# vpn primary <public VRRP IP of

controller>

See

Configuring an

IPSec Tunnel

2. Configure a routing

profile to tunnel all

10.0.0.0/8 subnet traffic

to controller.

(ap)(config)# routing-profile

(ap)(routing-profile)# route 10.0.0.0 255.0.0.0 <public VRRP IP of

controller>

See

Configuring

Routing

Profiles

3. Configure Enterprise

DNS for split DNS. The

example in the next

column uses a specific

enterprise domain to

only tunnel all DNS

queries matching that

domain to corporate.

(ap)(config)# internal-domains

(ap)(domains)# domain-name corpdomain.com

See

Configuring

Enterprise

Domains

4. Configure centralized L2

and distributed L3 with

VLAN 20 and 30

respectively.

Centralized L2 profile (ap)(config)# ip dhcp l2-dhcp

(ap)(DHCP Profile "l2-dhcp")# server-type

Centralized,L2

(ap)(DHCP Profile "l2-dhcp")# server-vlan 20

Distributed L3 profile

(ap)(config)# ip dhcp l3-dhcp

(ap)(DHCP Profile "l3-dhcp")# server-type

Distributed,L3

(ap)(DHCP Profile "l3-dhcp")# server-vlan 30

(ap)(DHCP Profile "l3-dhcp")# ip-range 10.30.0.0

10.30.255.255

(ap)(DHCP Profile "l3-dhcp")# dns-server

10.1.1.50,10.1.1.30

(ap)(DHCP Profile "l3-dhcp")# domain-name

corpdomain.com

(ap)(DHCP Profile "l3-dhcp")# client-count 200

NOTE: The IP range configuration on each branch will be the

same. Each W-IAP will derive a smaller subnet based on the client

count scope using the Branch ID (BID) allocated by controller.

See

Configuring

Centralized

DHCP Scopes

and

Configuring

Distributed

DHCP Scopes

5. Create authentication

servers for user

authentication. The

example in the next

column assumes 802.1X

SSID.

(ap)(config)# wlan auth-server server1

(ap)(Auth Server "server1")# ip 10.2.2.1

(ap)(Auth Server "server1")# port 1812

(ap)(Auth Server "server1")# acctport 1813

(ap)(Auth Server "server1")# key "presharedkey"

(ap)(Auth Server "server1")# exit

(ap)(config)# wlan auth-server server2

(ap)(Auth Server "server2")# ip 10.2.2.2

(ap)(Auth Server "server2")# port 1812

(ap)(Auth Server "server2")# acctport 1813

(ap)(Auth Server "server2")# key "presharedkey"

See

Configuring an

External Server

for

Authentication

6. Configure wired and

wireless SSIDs using the

Configure wired ports to operate in L2 mode and associate

centralized L2 mode VLAN 20 to the wired port profile.

See

Configuring a

Table 75: W-IAP Configuration for Scenario 1—IPSec: Single Datacenter Deployment with No Redundancy

Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide IAP-VPN Deployment Scenarios | 382