09-17-2009 01:22 PM
We have recently rolled out Aruba wireless on our main campus. Now it's time to put APs at our remote offices. These offices are connected by VPN and each is on its own subnet. I would like to put an AP at a remote site and let it connect back to the controller through that existing VPN and provide connectivity to users on the existing subnet.
My questions are: Do I need RAP licenses? I have read through the VBN document and that doesn't seem to apply because of our VPN. Would I have to create a new SSID for each of the remote sites since they are on separate subnets? Has anyone seen documentation for this type of setup?
09-17-2009 01:45 PM
set/adjust the MTU that the AP uses for the GRE tunnels. This is in the system-profile of the AP. Since the overall VPN link is using a lower MTU, the AP should be set a little lower. I've seen MTU discovery not work over VPN links, so this is the reason to manually set it. But you should test it to see if you need to do this at all, I think.
If you're going to set these APs as "RemoteAPs", then they'll use an MTU
09-18-2009 07:11 AM
Adding to what bjwhite said, if the VPN is such that controller IP is reachable via the link, then you would not need RAP licenses or VPN licenses. You would only need standard campus AP licenses. Just make sure your MTU issues are taken care of.
As far as the SSIDs, you can use the existing ones, but remember that from a campus AP perspective, all traffic will be tunnelled back to the controller. Any wireless traffic destined for local servers, printers, clients, voice gateways, etc., will be sent to the controller, decrypted and sent back to the site where the client lives. The reply for that packet would then be sent back to the controller, encrypted and forwarded to the originating AP. This may result in added traffic over the WAN link.
If you have significant local traffic at your remote sites, you may want to consider a small (600 series) controller at each site (depending on the number of APs per site) OR setting up Remote APs (RAPs) at the remote sites so that you can bridge local traffic and avoid the WAN utilization.
10-16-2009 06:19 AM