Remote-access Guide

aruba remote access point tunnel

by Jessyca Ziemann Published 3 years ago Updated 2 years ago
image

What are Aruba remote access points (rap)?

With Aruba Remote Access Points (RAP), you can use the wireless controller that is already available at your main campus and allow the access points from these remote locations to associate, via the web, through a secure IPSec tunnel. Provisioning, authentication and configuration all can be managed from your controller.

How to manage multiple locations with Aruba remote access points?

Do this for multiple locations and you have a management nightmare on your hands. With Aruba Remote Access Points (RAP), you can use the wireless controller that is already available at your main campus and allow the access points from these remote locations to associate, via the web, through a secure IPSec tunnel.

When should I deploy an IPSec VPN tunnel in Aruba?

(Aruba recommends this deployment when AP-to-controllercommunications on a private network need to be secured.) In this scenario, the remote AP uses the controller’s IP address on the private network to establish the IPSec VPN tunnel.

What is the tunnel termination point used by the remote AP?

The tunnel termination point used by the remote AP depends upon the AP deployment, as shown in the following scenarios: Deployment Scenario 1: The remote AP and controllerreside in a private network which is used to secure AP-to-controller communication.

image

What is Aruba remote Access Point?

Aruba Remote Access Points (RAPs) provide secure always-on network access to corporate enterprise resources from remote locations.

Can you ssh to an Aruba AP?

Aruba Instant 6.2.0.0_3.2.0 2.0 release will only accept client connecting using SSH. The Telnet connection is depreciated from this version onward. Data transfer between the client and the Instant AP (IAP) using SSH are encrypted, thus its provide better data security comparing to Telnet.

How does an Aruba RAP work?

Any Aruba access point can be provisioned to operate as a RAP. The purpose of deploying a RAP is to leverage the wireless and wired features of an Aruba access point from a remote location across the Internet. The RAP is configured to use IPsec to connect to a Mobility Controller's public IP over UDP 4500 for NAT-T.

What is an Aruba RAP device?

The multifunctional Aruba RAP-3 delivers secure 802.11n wireless and wired network access to corporate resources from branch and home offices. Centrally managed by Aruba Mobility Controllers, the RAP-3 extends corporate resources to remote locations by establishing site-to-site VPN tunnels to the data center.

How do I configure my Aruba access point?

Install the APs by connecting the AP to an Ethernet port on the controller. If the AP does not use Power over Ethernet (PoE) is not used, connect the AP to a power source....Navigate to the Configuration > Wireless> AP Installation page. ... Select the AP you want to reassign, and click Provision. ... Click Apply and Reboot.

How do I find my Aruba access point IP address?

Viewing Access Point Details Tap any of the APs listed in the Inventory list. The Access Point Details page is displayed with details. View the AP details such as the AP name, IP address of the AP, MAC address, Serial number, AP type, radio, and the number of the clients connected on each radio channel.

Is Aruba RAP in a router?

Aruba Networks RAP-5WN Wireless Router - IEEE 802.11n.

How do I setup a remote access point?

0:482:26Remote access point set-up demo - YouTubeYouTubeStart of suggested clipEnd of suggested clipAnd plug it in until you hear it click into place. Now you need to locate an empty Ethernet port onMoreAnd plug it in until you hear it click into place. Now you need to locate an empty Ethernet port on your home router or modem and plug in the other end of the ethernet cable.

What is a rap network?

RAP is an open distance vector routing protocol that allows the routing information of devices used in computer networks to be distributed from Internet Service Provider (ISP) systems to LAN and WAN environments with devices with Internet connectivity.

What is the differences between remote access and site to site VPN?

A remote access VPN connects remote users from any location to a corporate network. A site-to-site VPN, meanwhile, connects individual networks to each other.

How do I connect to my Aruba RAP device?

0:332:26Aruba: How to set up your remote access point - YouTubeYouTubeStart of suggested clipEnd of suggested clipSo it can stand on its own like. This next find an Ethernet port on your wrap labeled e0. Take oneMoreSo it can stand on its own like. This next find an Ethernet port on your wrap labeled e0. Take one end of your Ethernet cable and plug it in until you hear it click into place.

How do I use Aruba network?

Connect the power cable to the power supply.Connect the power cable to the Aruba AP and plug the power into power.Connect the provided network cable to the black E0/PT connection on the bottom of the Aruba AP. ... Connect the other end of the network cable into an open port on your wireless router.More items...•

How do I connect to my Aruba RAP device?

0:332:26Aruba: How to set up your remote access point - YouTubeYouTubeStart of suggested clipEnd of suggested clipSo it can stand on its own like. This next find an Ethernet port on your wrap labeled e0. Take oneMoreSo it can stand on its own like. This next find an Ethernet port on your wrap labeled e0. Take one end of your Ethernet cable and plug it in until you hear it click into place.

How do you convert caps to rap in Aruba?

For IAP to RAP or CAP conversion, the Virtual Controller sends the convert command to all the other IAPs....Converting IAP to RAPNavigate to the Maintenance tab in the top right corner of the Instant UI.Click the Convert tab.Select Remote APs managed by a Mobility Controller from the drop-down list.More items...

How do you set up rap?

Navigate to Configuration > AP Installation (under Wireless.) Select the required remote AP under the Provisioning tab and then click Provision. Select Yes for Remote AP and Certificate for Remote AP Authentication Method. Click Apply and Reboot to apply the configuration and reboot the AP as certificate RAP.

How do I use Aruba network?

Connect the power cable to the power supply.Connect the power cable to the Aruba AP and plug the power into power.Connect the provided network cable to the black E0/PT connection on the bottom of the Aruba AP. ... Connect the other end of the network cable into an open port on your wireless router.More items...•

What is decrypt tunnel?

When an AP uses decrypt-tunnel forwarding mode, that AP decrypts and decapsulates all 802.11 frames from a client and sends the 802.3 frames through the GRE tunnel to the controller, which then applies firewall policies to the user traffic. When the controller sends traffic to a client, the controller sends 802.3 traffic through the GRE tunnel to the AP, which then converts it to encrypted 802.11 and forwards to the client. This forwarding mode allows a network to utilize the encryption/decryption capacity of the AP while reducing the demand for processing resources on the controller. APs in decrypt-tunnel forwarding mode also manage all 802.11 association requests and responses, and process all 802.11e and 802.11k action frames. APs using decrypt-tunnel mode do have some limitations that not present for APs in regular tunnel forwarding mode. You must enable the control plane security feature on the controller before you configure campus APs in decrypt-tunnel forward mode.

What is split tunnel 802.11?

Split-Tunnel: 802.11 frames are either tunneled or bridged, depending on the destination (corporate traffic goes to the controller, and Internet access remains local). A remote AP in split-tunnel forwarding mode handles all 802.11 association requests and responses, encryption/decryption, and firewall enforcement. the 802.11e and 802.11k action frames are also processed by the remote AP, which then sends out responses as needed.

What is 802.11 bridge?

Bridge: 802.11 frames are bridged into the local Ethernet LAN. When a remote AP or campus AP is in bridge mode, the AP (and not the controller) handles all 802.11 association requests and responses, encryption/decryption processes, and firewall enforcement.

Is there a separate tunnel for every access point?

For the control traffic there is a seperate tunnel for every access point. You can check that if you enter this via CLI: show datapath tunnel table

Does HA+fast failover support remote APs?

Also pertinent your decision are your crypto requirements and whether you are running HA+fast-failover (which currently doesn't support remote APs and has other limitations if your software isn't the latest.)

What is a RAP in Aruba?

With Aruba Remote Access Points (RAP), you can use the wireless controller that is already available at your main campus and allow the access points from these remote locations to associate, via the web, through a secure IPSec tunnel. Provisioning, authentication and configuration all can be managed from your controller. This is a large advantage over standalone access points at remote locations. This allows you to start treating your remote locations just like you would the main campus.

Is Dot1x a security solution?

Dot1x is even a supported option for additional security. The fact is that remote access points are a very cost effective way to extend your corporate network to smaller locations that normally would not justify the cost of the equipment to stand up a dedicated network topology.

Is Dot1x good for corporate wireless?

Giving users access to the corporate wireless network at remote locations or even their home is a very useful and beneficial feature, but there is one more thing that I really like. Aside from providing wireless network access with RAPs, you can also allow a wired device to be connected and have its connection tunneled back to the corporate campus. Very valuable for things like networked printers or any other wired devices. Dot1x is even a supported option for additional security.

What are the Aruba network remote access points?

Aruba Networks, as of this July 2021, has four series of remote access point models: 203R, 203H, 303H, 500H. Each of these models has been specifically designed for a room type of usage scenario. Hence these access points can very well be used in hospitality Industry as a room AP or in small remote branch offices.

Who owns Aruba Networks?

Aruba Networks belongs to Hewlett Packard Enterprise. The company was acquired by HP in 2015 for about $3B USD in an all cash deal.

Where should remote access points be placed?

The remote access point should be designed to be placed on a desktop or to easily mount on a wall. This is important because remote workers at home should not be expected to ceiling mount the access point as it will be an added inconvenience to them. Any employee should be able to easily unbox and place the access point at a convenient place over their desks or on nearby shelves or any such reachable flat surface.

Can access points be exorbitantly priced?

And yes, there is always an outside chance of a breakthrough scientific invention that can quickly bring the pandemic to an end. This could make WFH investments obsolete sooner than expected, at least in some geographies. For these practical reasons, the access point cannot be exorbitantly priced, increasing the risk of poor returns on investment (ROI).

Can Aruba remote access be powered?

All of these Aruba remote access point models can either be placed on a desk with a stand or easily mounted to a wall. They come with AC or DC plug options for simplified powering through home electric sockets. They can also be powered through PoE injectors or PoE switches. Being entry level access points, they also don’t consume a lot of electricity for their normal operations.

Can employees connect to personal devices in an access point?

There should be enough ports in the access point to connect other related office devices like an IP phone if needed. The employees may also be allowed to connect any personal devices as per IT policies.

Can an employee install a remote access point?

An employee with no knowledge of IT hardware should be able to connect to his existing Internet connection and if needed do some basic typing and clicking on their computer to finish the installation. This is critical because people from all departments in various age groups with different comfort levels in technology will be working from home. And the IT team cannot get onto calls with potentially hundreds of employees for installing their access points. Any employee should be able to follow a simple email guide to connect the remote access point with their Enterprise network.

image
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9