• September 21, 2020, 07:34:49 AM

Author Topic: AP in Remote Office  (Read 3251 times)


Offline newdud

  • Jr. Member
  • **
  • Posts: 30
AP in Remote Office
« on: July 30, 2013, 10:55:56 AM »
We have an RFS6000 in HQ with a bunch of AP650s directly connected to the controller, and all of it works fine. We intended to install some APs in branch offices. The branch offices are connected via a WAN link and the IP routing is all in place and working ;D.

I have installed one of the APs in the branch office following the instructions, and it appears to be working. Although it does get adopted and comes into the right RF domain, I would like to understand how it works in more detail.

1/ The AP boots up and acquires IP from the local DHCP server along with the option to point it to the controller IP address
2/ The controller adopts it.
3/ Does VLAN 30 serve any purpose?
4/ Do I need a DHCP server running for the RemoteAP in the Server?

The native VLAN ID of the remote office is 2001.

I have attached a cut down version of the config so that you can see how I have set it up.

!
wlan CORPWifi
 description Corporate Users
 ssid CORPWifi
 vlan 28
 bridging-mode tunnel
 encryption-type tkip
 authentication-type eap
 no broadcast-ssid
 wpa-wpa2 psk 0 internet
 use aaa-policy HFVM-NAP
!
wlan GUESTWifi
 description Guest User
 ssid GUESTWifi
 vlan 29
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 wireless-client hold-time 28800
 wireless-client inactivity-timeout 3600
 wpa-wpa2 psk 0 Jup1ter123456
 use aaa-policy HF\ AAA\ Internal\ Policy
 use captive-portal HFCaptivePortal
 captive-portal-enforcement

!
dhcp-server-policy HF-WC-DHCP-Server
 dhcp-pool Guest-Wifi
  network 10.0.19.0/24
  address range 10.0.19.20 10.0.19.120
  lease 0 8
  default-router 10.0.19.1
  dns-server 10.0.40.43 10.20.40.114
 dhcp-pool RemoteAP
  network 10.0.21.0/24
  address range 10.0.21.10 10.0.21.20
  default-router 10.0.21.1
 dhcp-pool Corp-Wifi
  network 10.0.18.0/24
  address range 10.0.18.20 10.0.18.120
  default-router 10.0.18.254
  dns-server 10.0.40.43 10.20.40.114
!
profile ap4600 HF-AP4600
 ip name-server 10.0.40.36
 ip name-server 10.0.40.11
 ip name-server 10.0.40.35
 ip default-gateway 10.0.18.254
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 interface radio1
 interface radio2
 interface ge1
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface pppoe1
 use firewall-policy default
 use captive-portal server HFCaptivePortal
 ntp server 10.0.40.43
 service pm sys-restart
!
profile ap4600 default-ap4600
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 interface radio1
 interface radio2
 interface ge1
  ip dhcp trust
  qos trust dscp
  qos trust 802.1p
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 logging on
 service pm sys-restart
!

!
rf-domain HF\ HQ
 location HQ\ Office
 contact IT\ Helpdesk
 timezone Europe/London
 country-code gb
 use wips-policy HF\ WIPS\ Policy
!
rf-domain HF\ Office1
 location HF\ Office1
 contact IT\ Help\ Desk\
 timezone Europe/London
 country-code gb
!
rf-domain default
 location HQ\ Office
 contact IT\ Helpdesk
 country-code gb
!
wm3600 00-04-96-59-2A-2C
 use profile default-wm3600
 use rf-domain HF\ HQ
 hostname wm3600-Controller
 license AP 8c10f72fcf513569d79e4dd2260e23e2ca2e401118eb49c3fd062caf9c761d19c7247b4c2f448fff
 trustpoint https Thawte_SSL_CA
 ip name-server 10.0.40.43
 ip name-server 10.20.40.114
 ip domain-name HF.ADS
 floor 4
  ip default-gateway 10.0.18.254
 use radius-server-policy HFSerPol
 interface me1
  ip address 10.0.24.6/24
 interface up1
  description Uplink\ Backbone\ Port\ for\ all\ WLAN's
  switchport mode trunk
  switchport trunk native vlan 28
  switchport trunk native tagged
  switchport trunk allowed vlan 1,28-30,2001
 interface ge8
  no description
  switchport mode access
  switchport access vlan 1
 interface vlan28
  description CorpWifi
  ip address 10.0.18.1/24
  ip nat inside
 interface vlan29
  description GuestWifi
  ip address 10.0.19.1/24
  use ip-access-list in Guest-LAN-to-Controller
  ip nat inside
 interface vlan30
  description Remote\ AP
  ip address 10.0.21.1/24
 use event-system-policy Test
 use dhcp-server-policy HF-WC-DHCP-Server
 use captive-portal server HFCP
 use captive-portal server HFCaptivePortal
 ntp server 10.0.40.35
 email-notification host mailrelay.HF.org.uk sender wifi@HF.org.uk port 25
 email-notification recipient xx@HF.org.uk
 logging on
 logging console warnings
 logging buffered warnings
 logging syslog informational
 logging host 192.168.27.1
!


ap4600 00-04-96-77-57-68
 use profile HF-AP4600
 use rf-domain HF\ Office1
 hostname AP-CG
 area CG
 floor CF
 ip default-gateway 10.0.21.1
 autoinstall configuration
 interface radio1
  wlan GUESTWifi bss 1 primary
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 30
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,28-30
 interface vlan30
  description L3\ Data\ Link\
  ip address dhcp
  ip dhcp client request options all
!

end


Thanks in Advance






Offline Fido

  • Rookie
  • **
  • Posts: 20
Re: AP in Remote Office
« Reply #1 on: August 02, 2013, 05:59:28 AM »
Without VLAN 30 you can only adopt local APs (layer 2 adoption), so it looks like VLAN 30 is required for the remote branch. A remote AP can get DHCP from anywhere as long as the special options can be obtained.
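
Added example, not part of either post and not vendor tooling: a small Python check that reads the controller-side lines of the posted config and reports, for each `dhcp-pool`, which controller interface has an address inside the pool's subnet and whether `default-router` points at that interface. The function names `parse` and `pool_bindings` are made up for this sketch, and it assumes the input holds a single device stanza, since interface names are not qualified by device.

```python
import ipaddress

# Constructed sample: controller-side lines taken from the config posted above.
CONFIG = """\
dhcp-server-policy HF-WC-DHCP-Server
 dhcp-pool RemoteAP
  network 10.0.21.0/24
  default-router 10.0.21.1
 dhcp-pool Corp-Wifi
  network 10.0.18.0/24
  default-router 10.0.18.254
!
wm3600 00-04-96-59-2A-2C
 interface vlan28
  ip address 10.0.18.1/24
 interface vlan30
  ip address 10.0.21.1/24
!
"""

def parse(config):
    """Return ({pool: {"network", "router"}}, {interface: ip_interface})."""
    pools, ifaces, pool, iface = {}, {}, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":      # "!" closes the current stanza
            pool = iface = None
        elif words[0] == "dhcp-pool":
            pool, iface = words[1], None
            pools[pool] = {}
        elif words[0] == "interface":
            iface, pool = words[1], None
        elif pool and words[0] == "network":
            pools[pool]["network"] = ipaddress.ip_network(words[1])
        elif pool and words[0] == "default-router":
            pools[pool]["router"] = ipaddress.ip_address(words[1])
        elif iface and words[:2] == ["ip", "address"] and "/" in words[-1]:
            ifaces[iface] = ipaddress.ip_interface(words[2])  # skips "dhcp"/"zeroconf"
    return pools, ifaces

def pool_bindings(config):
    """Map pool -> (interface inside its subnet, router == that interface's IP)."""
    pools, ifaces = parse(config)
    out = {}
    for name, p in pools.items():
        hit = next(((i, a.ip) for i, a in ifaces.items()
                    if "network" in p and a.ip in p["network"]), (None, None))
        out[name] = (hit[0], hit[0] is not None and p.get("router") == hit[1])
    return out
```

On the sample, the RemoteAP pool lines up with `interface vlan30` and uses the controller as its router, while the Corp-Wifi pool sits on `vlan28` but hands out a different gateway (10.0.18.254).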