Filter
Top Products
aaa-profile <name>
rap-operation {always|backup|persistent}
ap-group <name>
ap-system-profile <name>
virtual-ap <name>
or
ap-name <name>
ap-system-profile <name>
virtual-ap <name>
Configuring Advanced Backup Options
You can also use the backup configuration (fallback mode) to allow the remote AP to pass through a captive portal,
such as network access in a hotel, airport, or other public network, to access the corporate network. For this scenario:
l Define a session ACL for the bridge SSID to source NAT all user traffic, except DHCP. For example, use any
any svc-dhcp permit followed by any any any route src-nat. Apply the session ACL to a remote AP user role.
l Configure the AAA profile. Make sure the initial role contains the session ACL previously configured.
The AAA profile defines the authentication method and the default user role.
NOTE: 802.1x and PSK authentication is supported when configuring bridge or split tunnel mode.
l Configure the virtual AP profile for the backup configuration.
n Set the remote AP operation to “always” or “backup.”
n Create and apply the applicable SSID profile.
n Configure a bridge SSID for the backup configuration. In the virtual AP profile, specify forward mode as
“bridge.”
For more information about the backup configuration, see "Configuring Fallback Mode" on page 524.
l Enter the remote AP DHCP server parameters in the AP system profile. For more information about the
parameters, see "Configuring the DHCP Server on the Remote AP " on page 526.
If you use a local DHCP server to obtain IP addresses, you must define one additional ACL to permit traffic
between clients without source NATing the traffic. Using the previously configured ACL, add user alias internal-
network any permit before any any any route src-nat.
l Connect the remote AP to the available public network (for example, a hotel or airport network).
The remote AP advertises the backup SSID so the wireless client can connect and obtain an IP address from the
available DHCP server.
NOTE: The client can obtain an IP address from the public network, for example a hotel or airport, or from the DHCP server on the
remote AP.
After obtaining an IP address, the wireless client can connect and access the corporate network and bring up the
configured corporate SSIDs.
The following is a high-level description of what is needed to configure the remote AP to pass through a captive
portal and access the corporate controller This information assumes you are familiar with configuring session ACLs,
AAA profiles, virtual APs, and AP system profiles and highlights the modified parameters.
Configuring the Session ACL in the WebUI
1. Navigate to the Configuration > Security > Access Control > Policies page.
DellPowerConnectW-SeriesArubaOS6.2 | User Guide RemoteAccessPoints | 528