Aruba Instant & Cloud Wi-Fi

MVP
Posts: 1,405
Registered: ‎10-25-2011

IAP distributed, L3 or Local, L3 dhcp services

I will be deploying a rather large Instant network which will be managed by Airwave or at least I hope it will :)

I am trying to determine the best configuration for DHCP for this network. I don't want it to go over the IAP-VPN tunnel. I would like for the scopes and gateway to be the IAP as everything will be locally egressed but certain traffic will be tunneled back through the IAP-VPN using routes.

What do you recommend in terms of DHCP? Distributed, L3 or Local, L3?

I don't mind if all the scopes are the same across all of the stores and it is probably preferable from a management point of view.

Is there something I need to look out for that I may be forgetting? I know the Distributed, L3 method will divide the subnet chosen by the number of clients from the controller level but that seems to be the only difference between that and Local, L3.

Thoughts?

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: IAP distributed, L3 or Local, L3 dhcp services

I would go with Distributed, L3. In this way, you are making a truly resilient and scalable network: the IAP (VC) is the client's gateway and will receive its scope from the VPN controller in the datacenter. In addition, you will have full L3 connectivity to each branch and be able to route and distribute those routes throughout your LAN with static or OSPF enabled.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,405
Registered: ‎10-25-2011

Re: IAP distributed, L3 or Local, L3 dhcp services

Hi Seth, thanks for the feedback. I thought about it a bit more, read a bit more, and we won't be managing the LAN unfortunately, only the wireless, so we will only get to the IAPs through the VPN IP (VC IP) for management and/or Airwave. The only traffic going through the tunnel would be RTLS back to the datacenter; everything else is straight internet (at least for the Guest SSID).

I don't want, nor do I think I need, the user subnet to be present to the VPN controller, as there is no need for that, which is what Distributed, L3 and Local, L3 will give me since the scopes are handled by the VPN controller.

Even if I use a local dhcp scope, with the IAP-VPN I can get access to the VC and simply route what I need (RTLS).

There will be a corporate SSID (WPA2) that will strictly give internet access so users will receive a DHCP address from a local VLAN onsite and print from a printer on the same VLAN.

Even if I do decide to go with Distributed, L3, it will probably leave me more flexibility in the future, but for this type of design not sure it is required.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]