Controller-less WLANs

How to pass IAP guest traffic to Controller

by ‎06-01-2014 08:25 PM - edited ‎06-01-2014 08:25 PM

Symptoms

How to pass IAP guest traffic to Controller?

Diagnosis

Any Aruba IAP
Any Aruba Controller
Aruba OS 6.2 and above

The requirement is to configure a DMZ controller and route guest traffic from the IAP to that controller.

Solution

If the customer wants to use a guest SSID on the IAP in the same way as in a DMZ controller design, one easy way to do this is to make that VLAN local, if it can be: traffic for that VLAN should then bridge locally, as it would not hit the routing profile of the VPN.

These exceptions may be needed for management (such as for 802.1X authentication, AirWave pull, etc.), or when local bridging of corporate users is not feasible (as when the IAP is deployed over the Internet).

Version 3.3 added policy-based corporate access and source-based routing.

In 3.2, you can create route exceptions when the next-hop uplink is known. For example, say that all 192.168 subnets are local to the branch:

routing-profile
route  192.168.0.0 255.255.0.0 192.168.1.1     <branch router
route  0.0.0.0  0.0.0.0  10.100.200.45   <primary VPN/DMZ controller
route  0.0.0.0  0.0.0.0  10.100.200.46   <secondary VPN/DMZ controller
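
The route selection this profile implies, as an added example (not part of the original article and not Aruba code). It assumes longest-prefix matching and that equal default routes are tried in listed order (primary, then secondary); the function names and the test destination addresses are constructed for illustration.

```python
import ipaddress

# Routing profile from the article, with the trailing "<..." notes dropped.
PROFILE = """\
routing-profile
route 192.168.0.0 255.255.0.0 192.168.1.1
route 0.0.0.0 0.0.0.0 10.100.200.45
route 0.0.0.0 0.0.0.0 10.100.200.46
"""

def parse_profile(text):
    """Return [(network, next_hop)] in configuration order."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "route":
            continue  # skips the "routing-profile" header and blank lines
        _, dest, mask, hop = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"),
                       ipaddress.ip_address(hop)))
    return routes

def next_hops(routes, dst):
    """Candidate next hops for dst, in the order they would be tried.

    Assumption: longest-prefix match wins, and routes of equal prefix
    length are tried in listed order (primary, then secondary).
    """
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    if not matches:
        return []
    best = max(plen for plen, _ in matches)
    return [str(hop) for plen, hop in matches if plen == best]

if __name__ == "__main__":
    routes = parse_profile(PROFILE)
    # Constructed destinations: a branch-local host and an Internet host.
    for dst in ("192.168.50.10", "203.0.113.10"):
        print(dst, "->", next_hops(routes, dst))
```

Running a profile through a check like this before deployment shows which destinations bypass the controller: here only 192.168.0.0/16 leaves via the branch router, and everything else goes to the VPN/DMZ controllers.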

 

