IAP VPN Overview
Because Instant Access Points (IAPs) use a virtual controller architecture, an IAP network does not require a physical controller to provide the configured WLAN (Wireless Local Area Network) services. However, a physical controller is required for terminating the VPN (Virtual Private Network) tunnels from the IAP networks at branch locations or data centers, where the HPE Aruba Networking controller acts as a VPN concentrator.
When the VPN is configured, the IAP acting as the virtual controller creates a VPN tunnel to the HPE Aruba Networking Mobility Controller in your corporate office. The controller acts only as a VPN endpoint and does not supply the IAP with any configuration.
The VPN features are recommended for:
- Enterprises with many branches that do not have a dedicated VPN connection to the corporate office.
- Branch offices that require multiple APs.
- Individuals working from home, connecting to the VPN.
Supported VPN Protocols
IAPs support the following VPN protocols for remote access:
| VPN Protocol | Description |
|---|---|
| IPsec | IPsec (Internet Protocol security) is a protocol suite that secures IP communications by authenticating and encrypting each IP packet of a communication session. You can configure an IPsec tunnel to ensure that the data flow between the networks is encrypted, or configure a split-tunnel to encrypt only the corporate traffic. When IPsec is configured, ensure that you add the IAP MAC (Media Access Control) addresses to the allowlist database stored on the controller or on an external server. IPsec supports the Local, L2, and L3 modes of IAP-VPN operation. IAPs support IPsec only with HPE Aruba Networking Controllers. |
| GRE | GRE (Generic Routing Encapsulation) is a tunnel protocol for encapsulating multicast, broadcast, and L2 packets between a GRE-capable device and an endpoint. IAPs support the configuration of an L2 GRE (Ethernet over GRE) tunnel with an HPE Aruba Networking Controller to encapsulate the packets sent and received by the IAP. You can use the GRE configuration for L2 deployments when there is no encryption requirement between the IAP and the controller for client traffic. IAPs support two types of GRE configuration, manual GRE and HPE Aruba Networking GRE, and both are supported only for the L2 mode of operation. HPE Aruba Networking GRE configuration is supported only with HPE Aruba Networking Controllers. |
| L2TPv3 | The L2TP (Layer-2 Tunneling Protocol) version 3 feature allows the IAP to act as an L2TP Access Concentrator (LAC) and tunnel all wireless client L2 traffic from the AP to an LNS (L2TP Network Server). In a centralized L2 model, the VLANs (Virtual Local Area Networks) on the corporate side are extended to the remote branch sites. Wireless clients associated with the IAP get their IP addresses from the DHCP (Dynamic Host Configuration Protocol) server running on the LNS. For this, the AP has to transparently allow DHCP transactions through the L2TPv3 tunnel. |
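As an added illustration (not code from the HPE Aruba Networking documentation or product), the following Python models the split-tunnel behaviour described for IPsec above: only destinations matching a configured corporate prefix go through the tunnel, and everything else leaves the branch unencrypted. The second function reports corporate address space that the configured prefixes would leave untunnelled, which is the check to run when reviewing a split-tunnel routing profile. The prefix lists and destination addresses are constructed sample values.

```python
"""Split-tunnel coverage check modelled on the IAP-VPN description above.

Added example, not Aruba code. All prefixes and addresses are constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed: prefixes an administrator configured to be sent through the tunnel.
TUNNELED_PREFIXES = [ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/16")]

# Constructed: prefixes the corporate network actually uses.
CORPORATE_PREFIXES = [ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12")]


def tunnel_decision(dst, tunneled=TUNNELED_PREFIXES):
    """Return 'tunnel' if dst matches a tunnelled prefix, else 'local'."""
    addr = ip_address(dst)
    return "tunnel" if any(addr in net for net in tunneled) else "local"


def uncovered_corporate_space(corporate=CORPORATE_PREFIXES,
                              tunneled=TUNNELED_PREFIXES):
    """Corporate address space that no tunnelled prefix covers.

    Traffic to these ranges would leave the branch unencrypted, which is
    the gap a split-tunnel policy review is meant to catch.
    """
    gaps = []
    for corp in corporate:
        remaining = [corp]
        for tun in tunneled:
            still_uncovered = []
            for chunk in remaining:
                if tun.supernet_of(chunk):
                    continue  # chunk lies entirely inside a tunnelled prefix
                if chunk.supernet_of(tun):
                    # carve the tunnelled prefix out of the chunk
                    still_uncovered.extend(chunk.address_exclude(tun))
                else:
                    still_uncovered.append(chunk)  # no overlap, still uncovered
            remaining = still_uncovered
        gaps.extend(remaining)
    return sorted(str(net) for net in gaps)


if __name__ == "__main__":
    for dst in ("10.1.2.3", "172.16.5.5", "172.20.0.1", "8.8.8.8"):
        print(dst, "->", tunnel_decision(dst))
    print("corporate space not tunnelled:", uncovered_corporate_space())
```

With the constructed values, 172.20.0.1 is a corporate address that the routing profile sends in the clear, and the coverage report lists the 172.17.0.0/16 to 172.24.0.0/13 ranges as untunnelled.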
