Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-Series 304/305 Access Points

391

392

393

394

395

396

397

398

399

400

391 | IAP-VPN Deployment Scenarios Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide

Configuration Steps CLI Commands UI Procedure

(ap)(DHCP profile "l3-dhcp")# client-count 200

Local profile with VLAN 20

(ap)(config)# ip dhcp local

(ap)(DHCP profile "local")# server-type Local

(ap)(DHCP profile "local")# server-vlan 20

(ap)(DHCP profile "local")# subnet 172.16.20.1

(ap)(DHCP profile "local")# subnet-mask

255.255.255.0

(ap)(DHCP profile "local")# lease-time 86400

(ap)(DHCP profile "local")# dns-server

10.1.1.30,10.1.1.50

(ap)(DHCP profile "local")# domain-name

arubanetworks.com

NOTE: The IP range configuration on each branch will be the

same. Each W-IAP will derive a smaller subnet based on the client

count scope using the Branch ID (BID) allocated by controller.

5. Create authentication

servers for user

authentication. The

example in the next

column assumes 802.1X

SSID.

(ap)(config)# wlan auth-server server1

(ap)(Auth Server "server1")# ip 10.2.2.1

(ap)(Auth Server "server1")# port 1812

(ap)(Auth Server "server1")# acctport 1813

(ap)(Auth Server "server1")# key "presharedkey"

(ap)(Auth Server "server1")# exit

(ap)(config)# wlan auth-server server2

(ap)(Auth Server "server1")# ip 10.2.2.2

(ap)(Auth Server "server1")# port 1812

(ap)(Auth Server "server1")# acctport 1813

(ap)(Auth Server "server1")# key "presharedkey"

See

Configuring an

External Server

for

Authentication

6. Configure wired and

wireless SSIDs using the

authentication servers

and access rules and

enable authentication

survivability.

Configure wired ports to operate in NAT mode and associate

VLAN 20

to the wired port profile.

(ap)(config) # wired-port-profile wired-port

(ap)(wired-port-profile "wired-port")# switchport-

mode access

(ap)(wired-port-profile "wired-port")# allowed-vlan

all

(ap)(wired-port-profile "wired-port")# native-vlan

(ap)(wired-port-profile "wired-port")# no shutdown

(ap)(wired-port-profile "wired-port")# access-rule-

name wired-port

(ap)(wired-port-profile "wired-port")# type employee

(ap)(wired-port-profile "wired-port")# auth-server

server1

(ap)(wired-port-profile "wired-port")# auth-server

server2

(ap)(wired-port-profile "wired-port")# dot1x

(ap)(wired-port-profile "wired-port")# exit

(ap)(config)# enet1-port-profile wired-port

See

Configuring a

Wired Profile

and Wireless

Network

Profiles

Table 77: W-IAP Configuration for Scenario 3—IPSec: Multiple Datacenter Deployment