Appendix B
WLAN Extension with Remote AP
Remote Access Point (RAP) solutions involve configuring a standard thin access point to provide a customer-defined level of service to the user by tunneling securely back to the corporate network over a wide area network. The WAN may be either a private network, such as a frame relay or MPLS network, or a public network, such as a residential or commercial broadband Internet service. The same SSIDs, encryption, and authentication that exist on the corporate network are present on the RAP, or the administrator can choose to enable just a subset of the functionality of campus-connected APs. The Remote AP is a licensed feature, with each Remote AP requiring a separate license.
For telecommuter or home-office applications, an Aruba RAP is much more than a simple home wireless device. Instead, it is an extension of all of the services available on the corporate network, including voice and video, in a similar fashion to a branch office but with fewer configuration headaches. For instance, the user's laptop will automatically associate with the RAP just as it would in the corporate network, which allows for centralized management of a truly mobile edge. Dual-mode voice devices can place and receive calls.
[Figure: Remote AP topology. Labels: Remote location (Guest SSID, Corporate SSID, Voice SSID); Internet; websites, Internet traffic (split tunnel); IPSec tunnel; IPSec/AES-CCM encrypted control channel; Firewall / NAT-T; Corporate HQ (Corporate SSID, Voice SSID).]
The integration of the RAP functions into both the Mobility Controller and the thin AP as an end-to-end system is critical to having a solution that is both technologically effective and cost-effective. By integrating authentication, encryption, firewall, and QoS features, the network administrator has a single point of troubleshooting and maintenance. This reduces both initial capital expenditure and ongoing maintenance costs.
A much larger benefit that comes with this solution is transparent security. The RAP provides a solution that does not add any additional burden to the user beyond their regular login credentials. They simply see connectivity to the home office the same as it is when they are in the office. There is nothing new to remember to do, no tokens to lose, and no mistakes in connecting.
To connect to the Mobility Controller that is inside the corporate network, the Remote AP uses NAT Traversal (NAT-T) to connect through the corporate firewall to the Mobility Controller.
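What a firewall or sensor in front of the Mobility Controller can expect from the NAT-T connection described above, as an added example that is not part of the original guide: it classifies UDP payloads using the standard IPsec NAT-T framing (RFC 3948, UDP port 4500), which is assumed here because the guide names NAT-T but not the port or framing. The controller address, sample datagrams, and function names are constructed for illustration.

```python
import struct

NAT_T_PORT = 4500  # standard IPsec NAT-T UDP port (RFC 3948); assumed, not stated in the guide
NON_ESP_MARKER = b"\x00\x00\x00\x00"

def classify(payload: bytes) -> str:
    """Classify one UDP/4500 payload using the RFC 3948 framing rules."""
    if payload == b"\xff":
        return "nat-keepalive"
    if payload[:4] == NON_ESP_MARKER:          # IKE follows the marker
        ike = payload[4:]
        if len(ike) < 28:                      # fixed IKE header is 28 bytes
            return "malformed"
        major = ike[17] >> 4                   # high nibble of the version byte
        (length,) = struct.unpack("!I", ike[24:28])
        if major not in (1, 2) or length != len(ike):
            return "malformed"
        return f"ikev{major}"
    if len(payload) >= 8:                      # non-zero SPI + sequence number
        return "esp-in-udp"
    return "malformed"

def audit(datagrams, controller_ip):
    """Return (src, reason) for datagrams to the controller worth investigating."""
    findings = []
    for src, dst, dport, payload in datagrams:
        if dst != controller_ip:
            continue
        if dport != NAT_T_PORT:
            findings.append((src, f"unexpected port {dport}"))
        elif classify(payload) == "malformed":
            findings.append((src, "malformed NAT-T payload"))
    return findings

def _ike(major: int) -> bytes:
    """Build a constructed 28-byte IKE header (no payloads) behind the marker."""
    hdr = bytes(16) + bytes([0, major << 4, 34, 0x08]) + bytes(4) + struct.pack("!I", 28)
    return NON_ESP_MARKER + hdr

# Constructed sample traffic; addresses are documentation ranges (RFC 5737).
CONTROLLER = "192.0.2.10"
SAMPLES = [
    ("198.51.100.7", CONTROLLER, 4500, _ike(2)),                 # IKEv2 over NAT-T
    ("198.51.100.7", CONTROLLER, 4500, b"\xff"),                 # keepalive
    ("198.51.100.7", CONTROLLER, 4500, struct.pack("!II", 0xC0FFEE01, 1) + bytes(32)),
    ("198.51.100.7", CONTROLLER, 4500, NON_ESP_MARKER + b"\x01\x02"),  # truncated IKE
    ("203.0.113.9", CONTROLLER, 8080, b"hello"),                 # not NAT-T at all
]

if __name__ == "__main__":
    for finding in audit(SAMPLES, CONTROLLER):
        print(finding)
```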
Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide | WLAN Extension with Remote AP 69 |