Occasional Contributor II
Posts: 14
Registered: ‎02-20-2013

Aruba Controller 7010 Internal DB Limitations

I have a request to set up a new 7010 controller with MAC address authentication of around 5000 entries.

Question 1: What is the maximum number of entries for the Internal DB?

Question 2: Will there be any performance issue for the controller to handle this big amount of entries in the internal DB?

Question 3: Will there be any security issues with 5000 entries of MAC addresses in the internal DB?

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba Controller 7010 Internal DB Limitations

The 7010 only supports entering 4000 EDIT 2000 devices/users in the internal database.

You should not do MAC authentication with the database on the controller itself, because it is hard to add/remove/manage that list in the GUI in the controller for the numbers that you are trying to do. MAC authentication is not secure at all, but if you want to do it on that scale, you should use an external AAA server to improve manageability.

You can also consider a different authentication method like 802.1X or captive portal where the user, instead of the device, is authenticated.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎02-20-2013

Re: Aruba Controller 7010 Internal DB Limitations

Hi Colin,

Is there any way we can find the official information on the internal DB scaling for the controllers, i.e. 7010, 7030, 7205?

Actually I'm setting up the ClearPass server for the end user's MAC authentication request. The reason for asking about the controller is that the end user is thinking of putting a copy of the 5000 MAC addresses on the remote controllers as a backup authentication in case their WAN link fails. Is this possible? And will it affect performance of the remote 7010 controller?

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba Controller 7010 Internal DB Limitations

I am looking for documented numbers.

 

What I see for internal numbers is:

 

7010  2000

7030  4000

7205  8000

 

How would the user synchronize the database between the controller and ClearPass?

 



Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 14
Registered: ‎03-31-2013

Re: Aruba Controller 7010 Internal DB Limitations

Please let me know about the 7005RW controller's maximum MAC address entries in the internal database.

 

Regards

N.Muthusaravanakumar

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba Controller 7010 Internal DB Limitations

1000



Colin Joseph
Aruba Customer Engineering

Frequent Contributor I
Posts: 61
Registered: ‎09-16-2014

Re: Aruba Controller 7010 Internal DB Limitations

Hi Cjoseph,

 

To handle 10k whitelisted AP MAC addresses, which controller is suitable? 7210, 7220 or 7240?

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba Controller 7010 Internal DB Limitations

The  7205 can hold 8000 and the 7210 can hold 16000.

 

To be honest, nobody chooses a controller platform based on the number of mac addresses that can be held in the internal database; they would typically have an external server like ClearPass do mac authentication, so that even a smaller controller can scale to thousands of mac addresses.  

 



Colin Joseph
Aruba Customer Engineering

Frequent Contributor I
Posts: 61
Registered: ‎09-16-2014

Re: Aruba Controller 7010 Internal DB Limitations

Hi Colin,

Thanks for your input. Actually we will have an IAP-VPN deployment and the controller will act as VPN terminator. A total of 10k AP MAC addresses need to be whitelisted inside the controller internal DB.

Regards, Amir

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Aruba Controller 7010 Internal DB Limitations

Whether you have an IAP-VPN or Remote AP deployment, both types of mac addresses for deployment can be hosted within ClearPass:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/AP-Whitelist-with-CPPM/ta-p/242915  That would eliminate the need to tie the number of mac addresses to the size of a controller.  It would also allow you to have distributed redundancy by allowing multiple controllers to share a whitelist on CPPM, but not be physically located in the same datacenter.

 

 

 



Colin Joseph
Aruba Customer Engineering
