AP-VPN Deployment Scenarios
35.3 Scenario 3 - IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for Redundancy
SCALANCE W1750D UI
546 Configuration Manual, 02/2018, C79000-G8976-C451-02
7. Create access rules for wired and wireless authentication. In this example, the wired-port rule permits all traffic. For the contractor SSID role, the rule allows only the 10.16.0.0/16 network; all other traffic is source-NATed and bypasses the global routing profile definition.
(scalance)(config)# wlan access-rule wired-port
(scalance)(Access Rule "wired-port")# rule any any match any any any permit
For WLAN SSID employee roles:
(scalance)(config)# wlan access-rule wireless-ssid-contractor
(scalance)(Access Rule "wireless-ssid-contractor")# rule 10.16.0.0 255.255.0.0 match any any any permit
(scalance)(Access Rule "wireless-ssid-contractor")# rule any any match any any any src-nat
See Configuring ACL Rules for Network Services
: Ensure that you execute the
command in the SCALANCE W CLI before saving the configuration and
propagating changes across the AP cluster.
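The access rules from step 7, modelled as an added example (not taken from the manual), to show which destinations each role reaches directly and which are source-NATed, and to flag roles that start with an unrestricted permit. It assumes rules are evaluated in order with the first match deciding, that the first two rule fields are destination and mask, and that unmatched traffic is denied; the destination addresses are constructed samples.

```python
import ipaddress

# Rules copied from step 7. Assumptions of this example: first match wins,
# the first two fields are destination/mask, and no match means deny.
# Protocol and port fields are "any" in every rule here and are not evaluated.
CONFIG = """\
wlan access-rule wired-port
 rule any any match any any any permit
wlan access-rule wireless-ssid-contractor
 rule 10.16.0.0 255.255.0.0 match any any any permit
 rule any any match any any any src-nat
"""

def parse_roles(text):
    """Return {role: [(dest_network_or_None, action), ...]} in config order."""
    roles, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["wlan", "access-rule"]:
            current = roles.setdefault(tok[2], [])
        elif tok and tok[0] == "rule" and current is not None:
            dest, mask, action = tok[1], tok[2], tok[-1]
            net = None if dest == "any" else ipaddress.ip_network(f"{dest}/{mask}")
            current.append((net, action))
    return roles

def action_for(roles, role, dst):
    """The first rule whose destination covers dst decides the action."""
    addr = ipaddress.ip_address(dst)
    for net, action in roles[role]:
        if net is None or addr in net:
            return action
    return "deny"  # assumed implicit deny when nothing matches

def permit_all_roles(roles):
    """Roles whose first rule is an unrestricted permit (worth a review)."""
    return [r for r, rules in roles.items() if rules and rules[0] == (None, "permit")]

if __name__ == "__main__":
    roles = parse_roles(CONFIG)
    for role, dst in [("wireless-ssid-contractor", "10.16.4.20"),   # constructed
                      ("wireless-ssid-contractor", "192.0.2.10"),   # constructed
                      ("wired-port", "192.0.2.10")]:
        print(f"{role:26} -> {dst:12} {action_for(roles, role, dst)}")
    print("permit-all roles:", permit_all_roles(roles))
```

Swapping the two contractor rules in CONFIG makes every destination return src-nat, which is why the order of the rule commands matters under the first-match assumption.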
AP-Connected Switch Configuration
Client VLANs defined in this example must be opened on the upstream switches in multiple
AP deployments, as client traffic from the slave to the master is tagged with the client VLAN.
For information on controller configuration, see Configuring a Controller for AP-VPN
Operations. The following OSPF configuration is required on the controller to redistribute
AP-VPN routes to upstream routers:
(scalance)(config) # router ospf
(scalance)(config) # router ospf router-id <ID>
(scalance)(config) # router ospf area 0.0.0.0
(scalance)(config) # router ospf redistribute rapng-vpn