Wireless Access

 View Only
Back to discussions
Expand all | Collapse all

RAP LAB Configuration example

This thread has been viewed 9 times

  • 1.  RAP LAB Configuration example

    Posted Apr 12, 2018 08:21 PM

    This is a simple how-to document showing the steps to configure a RAP access point to connect to a mobility controller through the internet.

    D7C0BD7A-35B5-4E2C-A061-74E4F27F9DCF.png

    RAP access point at employee's home will connect to mobility controller through the internet and tunnel access to the corporate networks 10.4.3.0/24 and 10.4.2.0/24. Access to the internet will be source nated and local switched.
     
    • Create a net destination with corporate networks
    netdestination corp-network-alias
       network 10.4.3.0 255.255.255.0
       network 10.4.2.0 255.255.255.0
     
    • Create a session access-list
    This access list will permit access to the corporate network and source nat all other traffic to be local switched.
     
    ip access-list session corp-net-split-acl
       user alias corp-network-alias any permit
       alias corp-network-alias user any permit
       any any svc-dhcp permit
       user any any route src-nat
       any user any permit
     
    • Create user role
    This role will be associated with the session access-list created before.
     
    user-role role-split-corp
       access-list session corp-net-split-acl
     
    • Create an wlan profile
     
    wlan virtual-ap "remote-teste10"
       aaa-profile "remote-teste10"
       vlan 1043                                   —> Vlan that user will get IP from
       forward-mode split-tunnel          —> Split-tunnel enabled
       ssid-profile "remote-teste10”
    !
    wlan ssid-profile "remote-teste10"
        essid "remote-teste10"
        opmode wpa2-psk-aes
        wpa-passphrase 1d5318efb6110ec9f7dd7e92d03d235fe443cb9eea6167b5
    !
    • Create a AP Group
     
    ap-group “RAP-Test-Group"
       virtual-ap "remote-teste10
     
    • Add RAP Access Point's MAC to the white list DB
     
    whitelist-db rap add mac-address xx:xx:xx:xx:xx:xx
       ap-group RAP-Test-Group —> AP group created on item 5
       ap-name RAP-AP-01
     
    • Add an IP local pool
    RAP access points will receive IP address from this pool.
     
    ip local pool “RAP-Pool-Corp" 10.5.1.200 10.5.1.254
     
    • Prosvisioning the AP using GUI
    After adding the RAP to the whitelist-db, it has to provisioned through the GUI.
    During the provisioning we need will use the controllers’s external IP or hostname. Remember that the ports TCP/4500 and UDP 69 should be open between RAP and controller.
     
    Screenshot 2018-04-12 21.07.53.pngScreenshot 2018-04-12 21.19.28.png
     
     
    • Testing and verifying the configuration

    Screenshot 2018-04-12 19.05.01.pngScreenshot 2018-04-12 19.05.11.png

    Screenshot 2018-04-12 17.20.47.pngScreenshot 2018-04-12 19.07.38.png



Related Content