Dell W-Series 324 Instant 6.5.1.0-4.3.1.0 User Guide - Page 225
Configuring a Tunnel from a W-IAP to a Mobility Controller, Supported VPN Protocols
View all Dell W-Series 324 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 225 highlights
Supported VPN Protocols Instant supports the following VPN protocols for remote access: Table 49: VPN Protocols VPN Protocol Description Dell IPsec IPsec is a protocol suite that secures IP communications by authenticating and encrypting each IP packet of a communication session. You can configure an IPsec tunnel to ensure that the data flow between the networks is encrypted. However, you can configure a split-tunnel to encrypt only the corporate traffic. When IPsec is configured, ensure that you add the W-IAP MAC addresses to the whitelist database stored on the controller or an external server. IPsec supports Local, L2, and L3 modes of IAP-VPN operations. NOTE: The W-IAPs support IPsec only with Dell controllers. Layer-2 (L2) GRE Generic Routing Encapsulation (GRE) is a tunnel protocol for encapsulating multicast, broadcast, and L2 packets between a GRE-capable device and an endpoint. W-IAPs support the configuration of L2 GRE (Ethernet over GRE) tunnel with a Dell controller to encapsulate the packets sent and received by the W-IAP. You can use the GRE configuration for L2 deployments when there is no encryption requirement between the W-IAP and controller for client traffic. W-IAPs support two types of GRE configuration: l Manual GRE-The manual GRE configuration sends unencrypted client traffic with an additional GRE header and does not support failover. When manual GRE is configured on the W-IAP, ensure that the GRE tunnel settings are enabled on the controller. l Aruba GRE-With Aruba GRE, no configuration on the controller is required except for adding the W-IAP MAC addresses to the whitelist database stored on the controller or an external server. Aruba GRE reduces manual configuration when Per-AP tunnel configuration is required and supports failover between two GRE endpoints. NOTE: W-IAPs support manual and Aruba GRE configuration only for L2 mode of operations. Aruba GRE configuration is supported only on Dell controllers. L2TPv3 The Layer 2 Tunneling Protocol version 3 (L2TPv3) feature allows the W-IAP to act as an L2TP Access Concentrator (LAC) and tunnel all wireless client's L2 traffic from the W-IAP to L2TP Network Server (LNS). In a Centralized, L2 model, the VLAN on the corporate side is extended to remote branch sites. Wireless clients associated with a W-IAP gets the IP address from the DHCP server running on LNS. For this, the W-IAP has to transparently allow DHCP transactions through the L2TPv3 tunnel. Configuring a Tunnel from a W-IAP to a Mobility Controller W-IAP supports the configuration of tunneling protocols such as Generic Routing Encapsulation (GRE), IPsec, and L2TPv3. This section describes the procedure for configuring VPN host settings on a W-IAP to enable communication with a controller in a remote location: l Configuring an IPsec Tunnel on page 226 l Configuring an L2-GRE Tunnel on page 227 l Configuring an L2TPv3 Tunnel on page 230 225 | VPN Configuration Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide