12-13-2015 09:10 AM
Is it possible to do local breakout on an SSID and also provision another SSID which is tunneled to an L2TP or PPTP endpoint?
I haven't found a quick way to do it. Is it possible via CLI or GUI?
12-13-2015 09:13 AM
You'll need to be sure cpsec is enabled to support bridge mode.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
12-13-2015 11:57 PM
Tim's answer applies to controller RAPs. If your question relates to Instant APs (IAP-VPN, or RAPNG which is the same), you can check the guide at http://community.arubanetworks.com/t5/Aruba-Instan
Where in part 2, creating a DHCP scope in L2 mode (VLAN) and putting your clients in that VLAN, will tunnel all traffic to the controller; putting clients in a VLAN that lives on the trunk to your AP results in local bridging.
Please note that PPTP is not a valid VPN option for IAP-VPN; you can choose between Aruba IPSec, Aruba GRE (both to a mobility controller), L2TPv3 and manual GRE (which may work with other brands' equipment).
Using a mobility controller as central termination point has the additional benefit that all Aruba APs have a built-in client certificate for authentication to the controller (protected in a trusted-platform, or TPM, chip). So authorizing the APs to the controller is extremely simple but still secure.
Does this help??
If you have urgent issues, please contact your Aruba partner or Aruba TAC.