Controllerless Networks

Is it possible to do local breakout on an SSID and also provision another SSID which is tunneled to an L2TP or PPTP endpoint? 

I haven't found a quick way to do it. Is it possible via CLI of GUI ? 

Yes, tunneling is configured by virtual-AP profile (SSID). You'll find the forwarding mode in the virtual AP profile.

You'll need to be sure cpsec is enabled to support bridge mode.

Sent from Nine

Tim's answer applies to controller RAPs. If your question relates to Instant AP's (IAP-VPN, or RAPNG which is the same), you can check the guide at http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Tutorial-RAPNG-IAP-VPN-deployment-with-AirWave-central/td-p/148648

 

Where in part 2, creating a DHCP scope in L2 mode (VLAN) and putting your clients in that VLAN, will tunnel all trafiic to the controller; putting clients in a VLAN that lives on the trunk to your AP results in local bridging.

 

Please note that PPTP is not a valid VPN option for IAP-VPN; you can choose between Aruba IPSec, Aruba GRE (both to a mobility controller), L2TPv3 and manual GRE (which may work with other brands equipment).

 

Using a mobility controller as central termination point, has the additional benefit that all Aruba AP's have a built-in client certificate for authentication to the controller (protected in a trusted-platform, or TPM, chip). So authorizing the APs to the controller is extremely simple but still secure.

 

Does this help??

Thanks guys ..

I'll try this with an IAP-205H and get back with an update.