Migrate to Tunnel Concentrator using a Network Policy

Use this procedure to migrate a VGVA identity-based tunneling deployment that is managed by ExtremeCloud IQ to Tunnel Concentrator by switching to a new Network Policy.
  1. Clone the existing SSIDs that you want to migrate:
    1. On ExtremeCloud IQ (Classic), go to Configure > Common Objects > Policy > SSIDs.
    2. Select the SSID that the wireless network uses.
    3. Select (Clone) to create a new SSID based on the existing settings.
    4. For the new SSID, assign a unique SSID Name and Broadcast Name as these fields must have unique names within a single Network Policy.
  2. Clone the default User Profile that the SSID uses:
    1. Go to Configure > Common Objects > Policy > User Profiles .
    2. Select the default User Profile that your original SSID uses
    3. Select (Clone) to create a new profile based on existing settings.
    4. In the new User Profile, under Traffic Tunneling, select Tunnel Concentrator.
    5. For Tunnel Destination, select a Tunnel Concentrator.
      Note

      Note

      If you need to create the Tunnel Concentrator, select (+) and complete the configuration. For details, see Configure Tunnel Concentrator Service.
    6. Return to the SSID configuration for the new SSID clone and set Default User Profile to the new User Profile that you just created.
  3. Configure a new Network Policy with the Tunnel Concentrator settings:
    1. Go to Configure > Network Policy.
    2. Select Add Network Policy.
    3. Configure a new policy that includes the network settings that you want to assign to Tunnel Concentrator.
    4. Under 2 Wireless, add the SSID clones that you want to migrate to the new Network Policy.
      Note

      Note

      The original SSIDs should all be in your existing Network Policy.
  4. For the sites that you want to use the Tunnel Concentrator settings, assign the APs at the site to use the new Network Policy.
  5. Run the new configuration for a few days to verify the new settings. After the migration is verified, assign the new Network Policy to APs at the other sites.
Note

Note

When using cloud PPSKs (private pre-shared keys), make sure that you are aware of how the PPSKs are used in your Network Policy. A best practice is to create unique PPSK SSID combinations in each network policy and to reuse the user groups as needed.
9039477-00 Rev. AA