Ruijie Community
Title: How to configure RIPT [Print this page]
Author: GTAC-Daisy Time: 2021-11-5 15:50
Title: How to configure RIPT
Overview
The Remote Intelligent Perceptive Technology (RIPT) is also known as the smart AP technology. As a wireless network edge device (as compared with an AC), the smart AP can perceive its connection with the AC and take over external provision of wireless networks seamlessly once connection fails. The wireless RIPT solution can be deployed in enterprise branch networks for the availability and sustainability of inter-WAN networks between the AC and APs in case of faults. It can also be deployed in a Wireless Local Area Network (WLAN) network to reduce reliance on ACs and improve its availability.
RIPT supports below two scenarios:
1. In 802.1x authentication scenario, we configure a escape-SSID in advance. The escape-SSID is hidden and disabled when the CAPWAP tunnel between AP and AC is operational. Once the AP is disconnected from AC, the escape-SSID is enabled to provide local resource access for STAs. When the tunnel recovers, the escape-SSID is disabled. When the 802.1X authentication is enabled and the RIPT AP works in standalone mode, the STAs cannot access the network through the 802.1X authentication.
2. In Web authentication scenario, once the AP is disconnected from AC, STAs can access the network without authentication. When the tunnel recovers, the Web or MAB authentication is required again. When the Web or MAB authentication is enabled and the RIPT AP works in standalone mode, the STAs cannot access the network through the Web or MAB authentication. In this case, you can enable the Web authentication exemption function to provide network access for STAs.
I. Network Topology
None
II. Configuration Steps
In 802.1x authentication scenario
1, make sure you have done 802.1x authentication settings right, you are able to access the SSID, pass the authentication, and visit Internet & Intranet with local forwarding.
To enable local forwarding mode, as below,
Ruijie(config)#wlan-config 5 "802.1x"
Ruijie(config-wlan)# tunnel local
2, configure RIPT as below steps:
1) Configure escape SSID
Ruijie(config)#wlan-config 10 "escape SSID"
Ruijie(config-wlan)#tunnel local
Ruijie(config-wlan)# enable-ssid at-capwap-down
2).Enable ript under AP group configuration mode
Ruijie(config)#ap-group default
Ruijie(config-group)#ript enable
In Web authentication scenario
1, make sure you have done web authentication settings right, you are able to access the SSID, pass the authentication, and visit Internet & Intranet with local forwarding.
To enable local forwarding mode, as below,
Ruijie(config)#wlan-config 15 "web authentication"
Ruijie(config-wlan)# tunnel local
2, configure RIPT as below steps:
1). Enable "free web authen" under wlan-config mode
Ruijie(config)#wlan-config 15 "web authentication"
Ruijie(config-wlan)# free-webauth at-capwap-down
2) Enable ript under AP group configuration mode
Ruijie(config)#ap-group default
Ruijie(config-group)#ript enable
III. Verification
1. To display RIPT status, execute command "show ap-config summary ript-enable"
Ruijie#show ap-config summary ript-enable
AP Name IP Address Mac Address ript-enable State
-------------------------- --------------- -------------- ----------- -----
ap1 172.18.55.73 1414.4b54.0000YY Run
2. Simulate AC down by unplug network cable, power off (it is not applicable to administratorly shutdown port on AC).
a. To test 802.1x authentication ript scenario, connect SSID "escape SSID", without authentication, you are able to visit Internet & Intranet
b. To test web authentication ript scenario, connect SSID "web authentication", without authentication, you are able to visit Internet & Intranet
Note: If AC is DHCP Server that assign IP address to wireless users, then wireless user will no longer obtain IP address once AC is down. Therefore, do not set DHCP server for wireless user on AC in RIPT scenario.
Welcome to Ruijie Community (https://community.ruijienetworks.com/) |
Powered by Discuz! X3.2 |