03-29-2014 06:27 AM
I have a requirement to change some campus APs to be raps so that I can change the guest ssid to be split-tunnel. The reason for this is that the customer has a requirement to allow guest users to be able to print to some of their corporate printers. All the guest traffic will be tunnelled to the controller, apart from traffic for the printers which will be 'route src-nat', as below
user alias printer any route src-nat any any any permit
So my question is whether or not Airgroup will still function if they decide to bring in wireless printers for the guests. As victorfabian said here it is only for tunnel and decrypt-tunnel modes. However, since RAP traffic sent into the tunnel to controller is decrypt-tunnel, it's not clear to me if this will work or not.
And extending this idea further, some of the sites have local controllers BUT the guest traffic is sent in an L2-GRE tunnel to the Master. The local is a 650 which doesn't support Airgroup, but the Master is a 360 which does support Airgroup. So in this case, will Airgroup work if they put a wireless printer on for the guests.
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACCX #817, ACMP, ACMX #294
Solved! Go to Solution.
03-29-2014 07:17 AM - edited 03-29-2014 07:32 AM
The forwarding mode of the Virtual AP needs to be tunnel or decrypt tunnel for airgroup to work. MDNS(airprint) as a protocol will not work past a nat boundary, so if there is NAT between the guest network and the printer, consider something else like Google Cloud Print.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base