New Contributor

Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

We have several branch locations where we have been running S1500 MAS switches with "Distributed L3 DHCP Scopes", where the branch switch creates a tunnel back to an on-campus controller, and wired clients are handed out an internal IP with DHCP. This is described on page 395 of the ArubaOS 7.4.x User Guide for MAS switches, and it has worked really well for us for small branch deployments.

The config on the S1500 looked like this:

#
crypto aruba-vpn
   interface vlan 1
   peer-ip [controller.ip.address]
#
ip-profile
   route 172.16.0.0 255.240.0.0 ipsec "aruba-vpn" 0
#
ip dhcp aruba-vpn-pool "my-aruba-vpn-pool"
   domain-name "mydomain.edu"
   lease 1 0 0 0
   dns-server 192.168.10.21
   dns-server 192.168.10.22
   server-type "Distributed,L3"
   ip-range 172.31.254.1 172.31.255.255
   client-count 50
   reserve last 7
#
interface vlan "3"
   aruba-vpn-pool-profile "my-aruba-vpn-pool"
#
interface-profile switching-profile "3"
   access-vlan 3
   native-vlan 3
#
interface gigabitethernet "0/0/0"
   switching-profile "3"
#

Looking to eventually replace these older switches, I am trying to get the same or similar functionality from a 3810M switch running 16.05.0007 firmware. I do not see what I am looking for in the documentation. There is a command "aruba-vpn type..." but this looks like it's more for management of the switch, not for routing of clients.

Can anyone tell me if the "new" Aruba switches support "Distributed DHCP Scopes" or something similar?

Aruba Employee

Re: Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

Hi,

Probably the best way to achieve the capability you're looking for is by using the dynamic segmentation feature in our switches, also formally known as tunneled node. With this, you can tunnel traffic based on a per port or per user basis to a Mobility controller.

 

There are externally accessible videos here:

Per user: https://www.youtube.com/watch?v=AadDk48mp58&t=299s

Per Port: https://www.youtube.com/watch?v=6Foxl7xnXNc&t=77s

It's also in the Management and Configuration Guide under chapters 29 and 31.

https://support.hpe.com/hpsc/doc/public/display?docId=a00038741en_us

Regards,

Justin

New Contributor

Re: Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

Thank you Justin. I'm familiar with tunneled node on the MAS switches - we are using it inside our LAN, but have not tried it at branch locations. Is there any reason not to do the following, using an internet-facing interface on the controller?

switch(config)#tunneled-node-server
switch(tunneled-node-server)# controller-ip <Controller WAN IP>

In short, are you saying the feature described here is not available in the "post-MAS" switches?
Distributed_DHCP_Scope

Aruba Employee

Re: Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

We don't have a current vpn capability in the Aruba switches and don't have a current solution for a distributed dhcp scope. We can only establish an IPSec tunnel for Airwave Management.

With regards to the tunneling to a branch, two considerations need to be made. We don't support tunnels over NAT and Jumbo frames need to be enabled everywhere where the tunnel will traverse. So over a WAN link, there are potential fragmentation issues.
