Firewall [AP Management] - Manage Access Points located in Different Sites

This article will show you how to manage several access points (APs) on one firewall, even though it's located elsewhere. If you want to manage all branch APs on only one firewall, you can do this with this article. Businesses with multiple locations need to manage Wi-Fi systems from a centralized location. Is this possible? Yes, if a VPN connection is established between the MAIN site and each BRANCH office.  

Example:

The MAIN site has an ATP100 and BRANCH office USG Flex 100. The ATP 100 acts as an AP Controller to manage the access point. The BRANCH office uses a USG Flex 100 that does not have the AP Controller feature, or you want to manage the APs from one location.
mceclip0.png

Supported equipment table

This will help ensure that your equipment meets the requirements, i.e. the Firewall supports the AP controller function, and access points can be managed by the AP controller.
The latest data is available at the link: AP Controller Technology

Site-to-Site VPN

Set up a VPN connection between your sites. Detailed instructions can be found in our other article. Please use the link: VPN - Configure IPSec Site-To-Site VPN

Main Site Firewall (AP controller) settings

By default, Zywall services use the main routing table, so without adding the static route, the AP controller cannot reach the AP through the VPN tunnel (Site-to-Site VPN). Therefore, we need to add a rule to the "Static route."

Frewall > Configuration > Routing > Static Route
mceclip3.png

mceclip4.png

Remote Site Firewall settings

To avoid having to specify the controller's IP address on each access point. We can do this with the Firewall, which will work for all remote site access points. To do this, we use the CAPWAP protocol - is a standard, interoperable networking protocol that enables a central wireless LAN Access Controller to manage a collection of Wireless Termination Points.

Frewall > Configuration > Interface > Ethernet 

1. Select the subnet in which the APs are located. In our case, it is LAN1
2. Find the "Advance" block 
3. Click "Add"
4. In the "Options" field, select CAPWAP AP
5. In the "First IP Addresses", enter the address of your AP controller
6. Click "Ok"

mceclip1.png

Connect AP

Connect the AP to the Firewall directly or using a switch, as shown in the image at the top of this article. Go to the web GUI of the main Firewall that acts as an AP controller

Frewall > Configuration > AP Management > Mgmt. AP List 

mceclip5.png
You see that the AP is added, but it is offline.
mceclip6.png

It may take 1-2 minutes for the AP status to change.
mceclip7.png

Troubleshooting

1. Make sure your access point is on the list of supported devices
2. Check if your access point is on the list
mceclip8.png
3. Try accessing the web GUI of the remote access point from the controller's AP network
4. Reboot the access point 
5. Reset the access point to factory settings using the "Reset" button
 

Articles in this section

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.