12-13-2015 09:10 AM
Is it possible to do local breakout on an SSID and also provision another SSID which is tunneled to an L2TP or PPTP endpoint?
I haven't found a quick way to do it. Is it possible via CLI of GUI ?
12-13-2015 09:13 AM
12-13-2015 11:57 PM
Tim's answer applies to controller RAPs. If your question relates to Instant AP's (IAP-VPN, or RAPNG which is the same), you can check the guide at http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Tutorial-RAPNG-IAP-VPN-deployment-with-AirWave-central/td-p/148648
Where in part 2, creating a DHCP scope in L2 mode (VLAN) and putting your clients in that VLAN, will tunnel all trafiic to the controller; putting clients in a VLAN that lives on the trunk to your AP results in local bridging.
Please note that PPTP is not a valid VPN option for IAP-VPN; you can choose between Aruba IPSec, Aruba GRE (both to a mobility controller), L2TPv3 and manual GRE (which may work with other brands equipment).
Using a mobility controller as central termination point, has the additional benefit that all Aruba AP's have a built-in client certificate for authentication to the controller (protected in a trusted-platform, or TPM, chip). So authorizing the APs to the controller is extremely simple but still secure.
Does this help??
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).