How to configure RIPT

Overview

The Remote Intelligent Perceptive Technology (RIPT) is also known as the smart AP technology. As a wireless network edge device (as compared with an AC), the smart AP can perceive its connection with the AC and take over external provision of wireless networks seamlessly once connection fails. The wireless RIPT solution can be deployed in enterprise branch networks for the availability and sustainability of inter-WAN networks between the AC and APs in case of faults. It can also be deployed in a Wireless Local Area Network (WLAN) network to reduce reliance on ACs and improve its availability.

RIPT supports below two scenarios:

1. In 802.1x authentication scenario, we configure a escape-SSID in advance. The escape-SSID is hidden and disabled when the CAPWAP tunnel between AP and AC is operational. Once the AP is disconnected from AC, the escape-SSID is enabled to provide local resource access for STAs. When the tunnel recovers, the escape-SSID is disabled. When the 802.1X authentication is enabled and the RIPT AP works in standalone mode, the STAs cannot access the network through the 802.1X authentication.

2. In Web authentication scenario, once the AP is disconnected from AC, STAs can access the network without authentication. When the tunnel recovers, the Web or MAB authentication is required again. When the Web or MAB authentication is enabled and the RIPT AP works in standalone mode, the STAs cannot access the network through the Web or MAB authentication. In this case, you can enable the Web authentication exemption function to provide network access for STAs.

I. Network Topology

None

II. Configuration Steps

In 802.1x authentication scenario

1, make sure you have done 802.1x authentication settings right, you are able to access the SSID, pass the authentication, and visit Internet & Intranet with local forwarding.  

To enable local forwarding mode, as below,

Ruijie(config)#wlan-config 5 "802.1x"

Ruijie(config-wlan)# tunnel local

2, configure RIPT as below steps:

1) Configure escape SSID

Ruijie(config)#wlan-config 10 "escape SSID"

Ruijie(config-wlan)#tunnel local

Ruijie(config-wlan)# enable-ssid at-capwap-down

2).Enable ript under AP group configuration mode

Ruijie(config)#ap-group default

Ruijie(config-group)#ript enable

In Web authentication scenario

1, make sure you have done web authentication settings right, you are able to access the SSID, pass the authentication, and visit Internet & Intranet with local forwarding.

To enable local forwarding mode, as below,

Ruijie(config)#wlan-config 15 "web authentication"

Ruijie(config-wlan)# tunnel local

2, configure RIPT as below steps:

1). Enable "free web authen" under wlan-config mode

Ruijie(config)#wlan-config 15 "web authentication"

Ruijie(config-wlan)#  free-webauth at-capwap-down

2) Enable ript under AP group configuration mode

Ruijie(config)#ap-group default

Ruijie(config-group)#ript enable

III. Verification

1.     To display RIPT status,  execute command "show ap-config summary ript-enable"

Ruijie#show ap-config summary ript-enable

AP Name                    IP Address      Mac Address    ript-enable State

-------------------------- --------------- -------------- ----------- -----

    ap1                        172.18.55.73    1414.4b54.0000YY      Run

2. Simulate AC down by unplug network cable, power off (it is not applicable to administratorly shutdown port on AC).

a. To test 802.1x authentication ript scenario, connect SSID "escape SSID", without authentication, you are able to visit Internet & Intranet

b. To test web authentication ript scenario, connect SSID "web authentication", without authentication, you are able to visit Internet & Intranet

Note: If AC is DHCP Server that assign IP address to wireless users, then wireless user will no longer obtain IP address once AC is down. Therefore, do not set DHCP server for wireless user on AC in RIPT scenario.