Dell W-Series 228 Instant 6.4.3.1-4.2 User Guide - Page 244
Configuring an SSID or Wired Port, Enabling Dynamic RADIUS Proxy, Configuring Enterprise Domains
View all Dell W-Series 228 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 244 highlights
deployment is not on a VLAN or subnet that is in centralized or distributed L2 mode of operation. For information on hierarchical mode of deployment, see Understanding Hierarchical Deployment on page 126. Configuring an SSID or Wired Port For a client to connect to the IAP-VPN network, an SSID or wired port profile on a W-IAP must be configured with appropriate IAP-VPN mode of operation. The VLAN configuration in an SSID or wired port profile determines whether an SSID or wired port is configured for the IAP-VPN operations. To configure an SSID or wired port for a specific IAP-VPN mode, the VLAN ID defined in the SSID or wired port profile must match the VLAN ID defined in the DHCP profile configuration. If the VLAN assignment for an SSID or wired port profile is set to Virtual controller assigned, custom, or a static VLAN ID that does not match the VLAN ID configured in the DHCP profiles, the IAP-VPN operations are affected. For example, if a local DHCP profile is configured with a VLAN ID of 200, the VLAN configuration on the SSID must be set to a static VLAN ID 200. Ensure that the VLAN assignment for an SSID or wired port profile is not set to default as the VPN tunnel is not supported on the default VLAN. For information on how to configure an SSID or wired port profile, see Wireless Network Profiles on page 97 and Configuring a Wired Profile on page 119 respectively. Enabling Dynamic RADIUS Proxy The RADIUS server can be deployed at different locations and VLANs. In most cases, a centralized RADIUS or local server is used to authenticate users. However, some user networks can use a local RADIUS server for employee authentication and a centralized RADIUS based captive portal server for guest authentication. To ensure that the RADIUS traffic is routed to the required RADIUS server, the dynamic RADIUS proxy feature must be enabled. When enabled, dynamic RADIUS proxy ensures that all the RADIUS traffic is sourced from the Virtual Controller IP or inner IP of the W-IAP IPsec tunnel depending on the RADIUS server IP and routing profile. Ensure that a static Virtual Controller IP is configured before enabling dynamic RADIUS proxy, in order to tunnel the RADIUS traffic to the central RADIUS server in the datacenter. For information on enabling dynamic RADIUS proxy, see Configuring Dynamic RADIUS Proxy Parameters on page 171. Configuring Enterprise Domains By default, all the DNS requests from a client are forwarded to the clients DNS server. In a typical W-IAP deployment without VPN configuration, client DNS requests are resolved by the DNS server of clients. For the IAP-VPN scenario, the enterprise domain settings on the W-IAP are used for determining how client DNS requests are routed. For information on how to configure enterprise domains, see Configuring Enterprise Domains on page 201. Configuring a Controller for IAP-VPN Operations Dell Networking W-Series controllers provide an ability to terminate the IPSec and GRE VPN tunnels from the W-IAP and provide corporate connectivity to the branch network. For IAP-VPN operations, ensure that the following configuration and verification procedures are completed on the controller: l OSPF Configuration l VPN Configuration l Branch-ID Allocation 244 | IAP-VPN Deployment Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide