AP-VPN Deployment
20.2 Configuring AP and Controller for AP-VPN Operations
SCALANCE W1750D UI
332
Configuration Manual, 02/2018, C79000-G8976-C451-02
Configuring Routing Profiles
The routing profile on the AP determines whether the traffic destined to a subnet must be
tunneled through IPsec or bridged locally. If the routing profile is empty, the client traffic will
always be bridged locally. For example, if the routing profile is configured to tunnel 10.0.0.0
/8, the traffic destined to 10.0.0.0 /8 will be forwarded through the IPsec tunnel and the traffic
to all other destinations is bridged locally.
You can also configure a routing profile with 0.0.0.0 as gateway to allow both the client and
AP traffic to be routed through a non-tunnel route. If the gateway is in the same subnet as
uplink IP address, it is used as a static gateway entry. A static route can be added to all
master and slave APs for these destinations. The VPN traffic from the local subnet of AP or
the VC IP address in the local subnet is not routed to tunnel, but will be switched to the
relevant VLAN. For example, when a 0.0.0.0/0.0.0.0 routing profile is defined, to bypass
certain IPs, you can add a route to the IP by defining 0.0.0.0 as the destination, thereby
forcing the traffic to be routed through the default gateway of the AP.
You can configure routing profiles through More > VPN > Controller UI. For step-by-step
procedural information on configuring routing profile, see Configuring Routing Profiles
(Page 323).
Note
The AP network has only one active tunnel even when fast failover is enabled. At any given
time, traffic can be tunneled only to one VPN host.
Configuring DHCP Profiles
You can create DHCP profiles to determine the AP-VPN mode of operation. An AP network
can have multiple DHCP profiles configured for different modes of AP-VPN. You can
configure up to eight DHCP profiles. For more information on the AP-VPN modes of
operation, see AP-VPN Forwarding Modes (Page 327).
You can create any of the following types of DHCP profiles for the AP-VPN operations:
●
Local
●
Local, L2
●
Local, L3
●
Distributed, L2
●
Distributed, L3
●
Centralized, L2
●
Centralized, L3
Содержание SCALANCE W1750D UI
Страница 18: ...About this guide SCALANCE W1750D UI 18 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 28: ...About SCALANCE W 3 3 SCALANCE W CLI SCALANCE W1750D UI 28 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 108: ...IPv6 Support 10 4 Debugging Commands SCALANCE W1750D UI 108 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 326: ......
Страница 356: ......
Страница 374: ......
Страница 416: ......
Страница 440: ......
Страница 450: ...Intrusion Detection 27 4 Configuring IDS SCALANCE W1750D UI 450 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 470: ......
Страница 480: ......
Страница 496: ......
Страница 518: ...Hotspot Profiles 33 3 Sample Configuration SCALANCE W1750D UI 518 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 528: ......
Страница 552: ......
Страница 570: ...Appendix B 3 Glossary SCALANCE W1750D UI 570 Configuration Manual 02 2018 C79000 G8976 C451 02 ...