1039| Instant AP VPN Support AOS-W 6.5.3.x| User Guide
IAPs support the following DHCP configuration modes:
n L2 Switching Mode: In this mode, IAP supports distributed L2 and centralized L2 switching modes of
connection to the corporate network. When an IAP registers with the switch and has a L2 mode DHCP pool
configured, the switch automatically adds the GRE or VPN tunnel associated to this IAP into the VLAN
multicast table. This allows the clients connecting to this L2 mode VLAN to be part of the same L2 domain
on switch.
n L3 Routing Mode: In this mode, IAP supports L3 routing mode of connection to the corporate network. The
VC assigns an IP addresses from the configured subnet and forwards traffic to both corporate and non-
corporate destinations. The IAP handles the routing on the subnet and also adds a route on the switch after
the VPN tunnel is set up during the registration of the subnet. When the IAP registers with a L3 mode DHCP
pool, the switch automatically adds a route to this DHCP subnet enabling routing of traffic from the
corporate network to clients on this VLAN in the branch.
Instant AP VPN Scalability Limits
AOS-W provides enhancements to the scalability limits for the IAP VPN branches terminating on the switch. The
following table provides the IAP VPN scalability information for various switch platforms:
Platforms Branches Routes L3 Mode Users NATUsers Total L2 Users
OAW-4550 8000 8000 64000
OAW-4650 16000 16000 128000
OAW-4750 32000 32000 128000
Table 256: Instant AP VPN Scalability Limits
n Branches—The number of IAP VPN branches that can be terminated on a given switch platform.
n Routes—The number of L3 routes supported on the switch.
n L3 mode and NAT mode users—The number of trusted users supported on the switch. There is no scale
impact on the switch. They are limited only by the number of clients supported per Instant AP.
n L2 mode users—The number of L2 mode users are limited to 128000 for OAW-4650 and OAW-4750 and
64000 across all other platforms.
Instant AP VPN OSPF Scaling
AOS-W allows each IAP VPN to define a separate subnet derived from a corporate intranet pool to allow IAP
VPN devices to work independently. For information on sample topology and configuration, see OSPFv2.
To redistribute IAP VPN routes into the OSPF process, use the following command :
(host)(config) # router ospf redistribute rapng-vpn
To verify if the redistribution of the IAP VPN is enabled, use following command:
(host) #show ip ospf redistribute
Redistribute RAPNG
To configure aggregate route for IAP VPN routes, use the following command:
(host) (config) # router ospf aggregate-route rapng-vpn
To Next Page
Loading...