Wanted to know if the 4402 would fit our environment till we move to a different means of authentication at our school. I already have the 4402 for the new method but we are not ready to deploy that as yet.
Currently the wireless network we use has a VPN concentrator at the head of the network. We use standalone APs that broadcast an open SSID. Users attach to the SSID and get a private IP. They authenticate with a VPN client. Once authenticated they are given a public IP address.
I would like to be able to place the 4402 and its 1131 APs on this network and have it work with the VPN method we use now. What I don't know: will I be able to configure the 4402 to handle the private then public exchange of IP addresses that the clients phase through as they authenticate? I have no control over the VPN and the DHCP servers. Everything is untagged on this network and there are no VLANs. Would I need to create interfaces for the private and public subnets that the clients use? The 4402 is on another subnet along with the AP. Since the network is untagged I might need a separate port for the private and public subnets. The 4402 would then not have enough ports for this to work, or am I not thinking correctly?
I found the VPN passthrough setting for the WLAN and enabled it. It appears clients are connecting to the open WLAN. Looks like they are not getting a private IP.
We use an external DHCP server and it isn't in the same subnet as the pool it distributes. Users are to connect to the open WLAN and obtain a private IP from the DHCP server. They then authenticate via the VPN client and obtain a public address. Not sure how to define the interface for the WLAN. Should it be based on the private IP subnet or public? Since the DHCP server is not on the clients' private subnet, do I need a routing statement to allow clients to be able to contact the DHCP server?