Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 5
Registered: ‎07-02-2014

Turning IAP's into Campus AP's in bridge mode (second site)

Good morning,

 

We currently have our second office in London deployed with 12 IAP's (AP 105) on an instant controller, we want to move these onto the master controller at our main office, but to pick up the local VLAN's in London for user traffic. In between this we have a firewalled private WAN.

 

It is my understanding that we do not require RAP's for this as there is no need for the IPSEC tunnel, and that Campus AP's in bridge-mode will work. Can I please confirm this, and also, are there limitations to the amount of AP's which can be deployed in this manner?

Thanks in advance.

 

Darren

Guru Elite
Posts: 20,012
Registered: ‎03-29-2007

Re: Turning IAP's into Campus AP's in bridge mode (second site)

What country is your master controller in?

How many SSIDs or services are you providing on your current instants?

If there is a firewall, it will not work if there is a NAT boundary between your Campus APs and the controller.  In addition if you are running in Campus Mode there are a number of firewall ports that would need to be opened to support those APs.

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 5
Registered: ‎07-02-2014

Re: Turning IAP's into Campus AP's in bridge mode (second site)

Hi Colin,

 

Everything is in the UK.

 

There is no NAT boundary between the remote office and the office where the Master is, it is all on our corporate MPLS, there shouldn't be any issues regarding firewall rules neither, we have full control over this.

 

We are currently providing 4x SSID's on the instants, some of which already authenticate with Radius servers back at the main office. We would like to move the London AP's onto the master controller for control, monitoring and authentication only, but users will pick up their respective VLAN from the local switch.

 

Thanks

Guru Elite
Posts: 20,012
Registered: ‎03-29-2007

Re: Turning IAP's into Campus AP's in bridge mode (second site)

You can do this if:

 

- You have Control Plane Security enabled on your controller

- Open Ports on your firewall:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-63 https://arubanetworkskb.secure.force.com/pkb/articles/Troubleshooting/R-1205

- Configure the physical switches that the access points are on as trunks if you want to put users in multiple VLANs

- Captive Portal traffic must be tunneled back to the controller, because Captive Portal is not supported on bridged SSIDs.

 

Those are the high-level requirements.  There are certainly more details that need to be worked out.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 5
Registered: ‎07-02-2014

Re: Turning IAP's into Campus AP's in bridge mode (second site)

Thanks,

 

Yes, there certainly are more details to be worked out, I just wanted to ensure I am heading in the right direction, I intend to convert one of the 105's onto the controller and test from there.

 

As yet we have no captive portal in the company.

 

I read somewhere that the 105 series AP's do not need control-plane as they have a bespoke cert in built, is this correct?

One more question, is there a limit on the number of campus AP's at a remote site?

 

 

Guru Elite
Posts: 20,012
Registered: ‎03-29-2007

Re: Turning IAP's into Campus AP's in bridge mode (second site)

If you are doing bridging with Campus APs, you need to have control plane security enabled; that is a requirement.

 

There is no practical limit to the number of Campus APs at a site.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: