08-25-2015 09:12 PM
As part of a larger expansion and migration, I'll be replacing a customer's 2 3600 MCs with new 7205 MCs. These new MCs will be moved from outside in the DMZ and into the customer's production network. It had been suggested to them that one of the old 3600s should be re-purposed as a DMZ Anchor Controller to accept RAPs terminating from the Internet. Two questions: I can't find this scenario described in detail ie. what do I need to configure specifically, and second, is this necessary? Thanks in advance.
Solved! Go to Solution.
08-25-2015 09:16 PM
08-25-2015 09:19 PM
The "Anchor" controller concept was a way to tunnel guest traffic from an internal controller to another controller located in the DMZ. It was implemented to provide separation, because non-Aruba controllers did not have a built-in firewall to keep guest traffic off of the internal network; An "Anchor" controller was the only way. You can still repurpose the 3600s as "Anchor" controllers for guest traffic, if that is what you want to do. They are not needed, however for RAPs.
If you want to read about how to do it, the article here: http://community.arubanetworks.com/t5/Controller-B
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
08-25-2015 09:23 PM
Thanks a lot Tim and Colin for the quick replies.
That's kind of how I looked at as well, I didn't see the value or requirement, but didn't want to undermine the suggesting SE outright without canvassing opinions. There is no guest WLAN as it would be thought of conventionally, so no client traffic egressing.
I'll just terminate those RAPs as per usual to the internals and call it a day.
Again, appreciate the quick answers.
08-25-2015 09:38 PM
Note as well that some of the more advanced AOS features won’t be supported on the 3x00 controllers whereas they will be on the 7205. If it's for RAPs, I would put them on the 7205 (that could be your justification for those that just want to see an anchor controller).
Sr. Techical Marketing Engineer