Product and Software: This article applies to all Aruba controllers and ArubaOS 5.0 and later.
Consider remote clients in separate VLANs that are associated to the same RAP. Typically, when these clients communicate with each other, their traffic must go back to the controller.
A peer-to-peer application like VoIP has higher latency in this situation.
Currently the Aruba controller allows direct peer-to-peer access by clients in split or bridge forwarding modes on the same RAP. This access is allowed even if the clients are in separate VLANs, but custom firewall rules are needed.
The RAP Local Client Accessfeature provides an easy configuration process to enable local access for clients on a RAP, without requiring custom firewall rules.
RAP Local Access is enabled from the AP system profile for each AP group.
To enable:
configure terminal ap system-profile <ap-profile> rap-local-network-access
To disable:
configure terminal ap system-profile <ap-profile> no rap-local-network-access
To show the status of RAP Local Access:
#show ap system-profile default
AP system profile "default"
---------------------------
Parameter Value
--------- -----
LMS IP N/A
........ ......
Remote-AP Local Network Access Enabled
If the RAP Local Access feature is enabled and two clients are behind the same RAP, the sessions between them should not appear on the controller. Instead, the sessions between them should appear on that AP with the destination pointing to "local" and the redirect (R) flag set for that session.
These two clients on the RAP should also have route-cache entries.