Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

How can we send Central traffic outside IAP-VPN tunnel ? 

May 16, 2018 07:22 AM

Q:

How can we send Central traffic outside IAP-VPN tunnel ?



A:

Beginning 8.3, we can send traffic destined to Aruba Central outside VPN tunnel in case IAP-VPN is in use.

  • Customers would like to send all user generated traffic within the VPN tunnel to their data center, and have the traffic to Activate/Central to be sent outside the tunnel over the internet directly.
  • Before 8.3.0.0, if default route is VPN tunnel, IAP traffic to Activate/Central will follow global route setting via tunnel.
  • In 8.3.0.0, if default route is VPN tunnel, IAP traffic to Activate/Central will be routed via IAP’s local gateway.

The feature will enable automatically when IAP default route is set to  tunnel.

To manage traffic sent to Activate/Central, IAP introduced cloud domain list.

During connection with Central, IAP will add below domain & IP addresses into cloud domain list:

  1. Activate domain “device.arubanetworks.com” by default.
  2. Central domain which it receives from Activate.
  3. Websocket address redirected by Central.
  4. Additional domain/IP pushed from Central (eg. cloud guest);  

Example:

IAP# show ap debug cloud-domain-list 


Cloud Domain List
-----------------
cloud-domain
------------ 
device.arubanetworks.com              ------>>>> Activate domain
34.213.76.57                                        ------>>>> Central websocket IP address

This article applies beginning 8.3 version.

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.