Aruba Instant & Cloud Wi-Fi

Frequent Contributor II
Posts: 148
Registered: ‎04-13-2009

Reconnect User On Failover option per SSID?

Hello Everyone,

I am trying to configure IAP with anchor controllers in the DMZ to tunnel guest traffic out to the internet.

For our network we have two SSIDs: a corporate SSID, which is bridged locally from the IAP to the upstream VLAN, and a Guest network, which utilizes a Centralized, L2 VPN tunnel back to the controllers in the DMZ.

We have two DMZs for redundancy, and if the VPN fails to DMZ1, the IAPs switch their VPN over to DMZ2 controllers. DMZ2 has a different VLAN for the guest users, and a different subnet.

In the IAP VPN configuration there is an option 'Reconnect Users on Failover'. When this option is enabled, the IAP will bring down its SSIDs on failover. The issue is that this brings down all of the SSIDs. The corporate SSIDs, which do not utilize the VPN tunnel for anything, are also brought offline.

I have tested disabling the 'Reconnect Users on Failover' option and the corporate network works fine with this. However, in this case Guests lose access until they re-associate, since the IP lease they have is no longer valid.

So, is there any way to limit which SSIDs are affected by this option? I have submitted a feature request: https://arubanetworkskb.secure.force.com/prm/ideas/viewIdea.apexp?id=08740000000LHdu

Pending that being approved and implemented, does anyone have any workaround for this?

_ELiasz

-------------------
ACDX, ACCP, CISSP, CWNA
MVP
Posts: 1,399
Registered: ‎10-25-2011

Re: Reconnect User On Failover option per SSID?

Promoted that idea. Good idea.
I can't think of anything to help in this case.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
MVP
Posts: 138
Registered: ‎07-12-2012

Re: Reconnect User On Failover option per SSID?

Hi there,

It would be nice if Aruba would implement this feature, but till then I would recommend you to try to do the following:

- on DMZ2 replicate the VLAN that users have
- install a dedicated DHCP server

This might provide you a way around till the feature.

Good day.

If you found my post helpful, please give kudos!