Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

7010 multiple vlan's and a management interface

This thread has been viewed 10 times

  • 1.  7010 multiple vlan's and a management interface

    Posted Jun 14, 2016 08:47 AM

    Hello,

     

    We need to offer our company's SSID in a building which network is managemed by a different party using Aruba equipement, us using Cisco. The idea is to build a tunnel from their Aruba controller to our Aruba controller (Cisco and Aruba wireless is hard to make each other understand) and connect the specific SSID vlan to the Cisco L3 switch onto which also the Cisco guest controllers are connected.

    So the idea is to configure a vlan on our Aruba 7010 matching the SSID vlan, and 'bind' it to a specific port on this controller, disable the other ports except the management port for in band management. And 1 port specific for the tunnel setup.

     

    But how do I create the right setup in order to have the management traffic seperated? I'm not able to create a default route for the management interface: 

    Error: Default gateway cannot be in the subnet of management interface

    Seems an Aruba 7010 does have a routing  virtualization like a Cisco Lite VRF.

     

    Any ideas?

     

    Cheers,

    Andre



  • 2.  RE: 7010 multiple vlan's and a management interface

    EMPLOYEE
    Posted Jun 14, 2016 08:51 AM

    I would not bother with the management interface.  It does not really apply to current controller models that are being produced.  Back in the day, there was a separate physical management port that had no routing and you could give it an ip address via the management interface.  Don't do that, because it will not work and will cause ip conflicts of you try to make it work like that.

     

    You mentioned a whole set of things, but it would best if you post a network diagram so we know what you are trying to accomplish.  I think I understand, but it is best that you give us a startingpoint so that we know that we are talking about the same thing.



  • 3.  RE: 7010 multiple vlan's and a management interface

    Posted Jun 14, 2016 09:47 AM

    Hello Collin,

     

    Ok so better to create a separate management vlan on the 7010 and point it to a specific interface I guess?

    A quick and (hopefully not to) dirty network diagram :wireless.png

     

    Much appreciated!

    Cheers,

    Andre



  • 4.  RE: 7010 multiple vlan's and a management interface

    EMPLOYEE
    Posted Jun 14, 2016 11:40 AM

    You can make any VLAN a management VLAN.  The question is, what do you want to do with that ip address, just manage the controller?  If that is the case, any ip address on the controller would suffice.

     

    It sort of looks like you want users at another site to access a VLAN at your site via a site to site VPN.

     

    You could create a site to site VPN that bridges traffic from one site to another.  Please see the article here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-connect-a-private-VLAN-over-the-Internet-with-security/ta-p/177818