Controller Configuration to bring up a RAP.
1. Create a non-routable L2TP IP pool for RAP by navigating to Advanced Services > VPN Services > IPSEC > Address pools.
2. Make sure your controller supports certificate-based RAP. Legacy controllers do not have a TPM module, so a cert-based RAP cannot be brought up with a legacy controller. Check the TPM module availability on the controller using the command "(Controller) #show tpm cert-info".
3. Make sure your RAP gets an IP address from the correct DHCP pool or the IP is statically assigned.
4. Access the RAP console and set the master IP address. Use the controller's private IP address as the master IP if the RAP is on the local network, or a public IP as the master IP if the RAP is connected through a public network.
5. The ports listed below have to be opened in the firewall for AP and RAP operation.
Between AP and LMS controller
1. FTP (tcp/20 and tcp/21)
2. TFTP (udp/69) - (for AP-52; for all other APs, if there is no local image on the AP, for example, a brand new AP, the AP will use TFTP to retrieve initial image)
3. NTP (udp/123)
4. SYSLOG (udp/514)
5. PAPI (udp/8211)
6. GRE (protocol 47)
Between Remote AP (IPSec) and controller
1. NAT-T (udp/4500)
2. TFTP (udp/69) - note: Not needed for normal operation. If the RAP loses the local image for whatever reason, TFTP is used to download the latest image.
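The two port lists above can be used to audit a firewall rule set before deployment. The following is an added example, not part of the original post: the "allow <path> <proto>/<port>" rule format, the path names "ap-lms" and "rap", and the sample rules are assumptions made for illustration.

```python
# Port requirements copied from the lists on this page; GRE is IP protocol 47 (no port).
REQUIRED = {
    "ap-lms": {("tcp", 20), ("tcp", 21), ("udp", 69), ("udp", 123),
               ("udp", 514), ("udp", 8211), ("gre", None)},
    "rap": {("udp", 4500)},
}
# TFTP on the RAP path is only used to recover a lost image.
OPTIONAL = {"ap-lms": set(), "rap": {("udp", 69)}}

def parse_rule(line):
    """Parse one 'allow <path> <proto>[/<port>]' line (hypothetical format)."""
    action, path, service = line.split()
    if action != "allow" or path not in REQUIRED:
        raise ValueError(f"unsupported rule: {line!r}")
    proto, _, port = service.lower().partition("/")
    return path, (proto, int(port) if port else None)

def audit(rule_lines):
    """Per path: services missing, optional-but-open, or not on this page's list."""
    allowed = {path: set() for path in REQUIRED}
    for line in rule_lines:
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if line:
            path, service = parse_rule(line)
            allowed[path].add(service)
    return {path: {
        "missing": sorted(REQUIRED[path] - opened, key=str),
        "optional_open": sorted(opened & OPTIONAL[path], key=str),
        "unexpected": sorted(opened - REQUIRED[path] - OPTIONAL[path], key=str),
    } for path, opened in allowed.items()}

# Constructed sample rule set, not taken from a real firewall.
SAMPLE_RULES = """
allow ap-lms tcp/20
allow ap-lms tcp/21
allow ap-lms udp/69
allow ap-lms udp/123
allow ap-lms udp/8211
allow ap-lms gre
allow rap udp/4500
allow rap udp/69      # image recovery only
allow rap udp/8211    # PAPI is not on the RAP list
""".splitlines()

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_RULES).items():
        print(path, findings)
```

On the sample, the audit reports SYSLOG (udp/514) as missing on the AP path, and on the RAP path it reports TFTP as optional-but-open and udp/8211 as not on the list.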