Wireless Access

Reply
Occasional Contributor II

Anchor Mobility Controller for RAPs?

As part of a larger expansion and migration, I'll be replacing a customer's 2 3600 MCs with new 7205 MCs.  These new MCs will be moved from outside in the DMZ and into the customer's production network.  It had been suggested to them that one of the old 3600s should be re-purposed as a DMZ Anchor Controller to accept RAPs terminating from the Internet.  Two questions: I can't find this scenario described in detail ie. what do I need to configure specifically, and second, is this necessary? Thanks in advance.

Guru Elite

Re: Anchor Mobility Controller for RAPs?

I generally terminate RAPs on an internal controller. With strong authentication and policy, the devices will be the same as if they were on prem.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Anchor Mobility Controller for RAPs?

The "Anchor" controller concept was a way to tunnel guest traffic from an internal controller to another controller located in the DMZ.  It was implemented to provide separation, because non-Aruba controllers  did not have a built-in firewall to keep guest traffic off of the internal network;  An "Anchor" controller was the only way.  You can still repurpose the 3600s as "Anchor" controllers for guest traffic, if that is what you want to do.  They are not needed, however for RAPs.

 

If you want to read about how to do it, the article here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468 describes the guest tunneling configuration in detail.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Anchor Mobility Controller for RAPs?

Thanks a lot Tim and Colin for the quick replies.

That's kind of how I looked at as well, I didn't see the value or requirement, but didn't want to undermine the suggesting SE outright without canvassing opinions.  There is no guest WLAN as it would be thought of conventionally, so no client traffic egressing.

I'll just terminate those RAPs as per usual to the internals and call it a day.

Again, appreciate the quick answers.

Re: Anchor Mobility Controller for RAPs?

Note as well that some of the more advanced AOS features won’t be supported on the 3x00 controllers whereas they will be on the 7205. If it's for RAPs, I would put them on the 7205 (that could be your justification for those that just want to see an anchor controller). 

Jerrod Howard
Sr. Techical Marketing Engineer
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: