|
Summary:
TotalRoam creates a secure tunnel between the TotalRoam Client and the TotalRoam Gateway so that traffic can be seamlessly processed from the client to applications regardless of the active transport network while maintaining a static IP address for the client. In order to create this tunnel from the TotalRoam Client to the TotalRoam Gateway and back, TotalRoam excludes some key devices along the path of the network to the TotalRoam Gateway. These devices that are excluded from participating in the tunnel include the transport addresses of the gateway, the default gateway of the client’s transport adapters and the DHCP servers which service the client adapters. The majority of the transport adapters rely on the transport’s default gateway to request and process address resolution and provide the next hop to the TotalRoam Gateway from the client. When the TotalRoam Client is configured to process all client data, every other address and device within the network will be treated as a device where data is tunneled when communicating with this device. When tunneling data from the client to the gateway, the TotalRoam Gateway is expected to process the address resolution for all devices which reside within the defined range of the company network.
The Tropos network provides a mesh of access points to allow for a wider coverage area and allows for roaming from cell to cell. This architecture relies on a different mechanism to allow for address resolution. The Tropos architecture utilizes the currently associated access point to request and process the address resolution through the wireless network.
When integrating TotalRoam within the Tropos network, address resolution must be taken into consideration to allow for the cells to handle this process. Without allowing for this within the configuration, the TotalRoam Client will not respond to the ARP requests of the Tropos devices because the addresses that are being responded to are considered traffic that should be tunneled. Because the resolution is not processed to the Tropos cells, the TotalRoam Gateway will not receive a valid ARP address for the TotalRoam transport addresses and a successful route registration will not be processed. To overcome this situation, Rules Based Routing must be configured to exclude the Tropos cells and allow for successful address resolution. There are two methods to address this situation with Rules Based Routing. Exclude the entire Tropos network or individually exclude the Tropos cells. The method that is implemented depends upon the configuration of the Tropos network and company resources.
Method One:
Exclude the entire Tropos network. When implementing this method, you must ensure that there are no devices that the clients need to communicate with through the tunnel. This means that the Tropos network resides on its own subnet and no other device resides on that subnet.
As the above diagram illustrates, the Tropos network contains nothing other than the Tropos access points and clients. In this network configuration, create a rule to exclude the entire network of 192.168.1.0/24 from the tunnel. The rule that is needed to accomplish this is configured as follows on each TotalRoam Client:
When this rule is created, activate the Rules Based Routing within the TotalRoam Client and the system will function as expected.
Method Two:
Exclude each Tropos node: To implement this method around the ARP issue, the IP address of each Tropos node needs to be known when the rules are created on each client. This method will be implemented when there are computing resources located within the Tropos network as in the following diagram:
In this network configuration, each node must be excluded from the TotalRoam tunnel. A rule must be created for each of the IP addresses associated with the Tropos access points. The following screen capture is a sample for one node:
Each node needs a rule created on every client to successfully exclude the Tropos network from the tunnel created by TotalRoam. The complete rule list for this diagram is as follows:
When either of these methods are configured on the TotalRoam Clients, the system will correctly respond to the ARP requests send by the Tropos access points and allow for the integration of the Tropos network.
Applies To:
TotalRoam 4.0 (Client)
6100 Remote Access Router™ running TotalRoam 4.0
|
