3 Replies Latest reply on Sep 5, 2013 9:28 AM by nick

    Tunnel between locations over a vpn

    flebeau New Member

      I understand of tunneling between APs when a location is not available directly on an access point, but there is one thing I'm not sure of.

       

      Here's the setup I'm trying to implement.  I have 5 sites that are all connected with Adtran 2830 by vpn.  All sites are able to see each other.  We'll have APs at all sites but I want to have everybody connected on the location of the head office.  So if someone connects to an AP at siteA, he would get an ip from the head office instead of siteA.  It seems to work over lan extension, but I'm not sure if it should work on vpn.

       

      Thanks

        • Re: Tunnel between locations over a vpn
          daniel.blackmon Employee

          flebeau,

           

          The access points (AP) will only tunnel traffic when the client's location is not support on the AP with which they have associated. We use EtherIP (IP protocol 97) to tunnel the layer 2 information needed for remote APs to support a network in which they have no interface. The AP will determine which locations it can support by sending out layer 2 traffic and monitoring the responses. Based on RFC 3378, EtherIP frames should traverse an IPSec tunnel without issue.

           

          By default a role will use the Native AP VLAN for clients associated to that particular role. This means that whatever IP network the AP resides in will also be used to support the wireless clients. However, it is possible to specify a location within a role, which would effectively force all users in that particular role into a defined IP network as well. This would affect all clients who would use this role.

          role-location.png