Wireless Access

Reply
Occasional Contributor II

Aruba MM and MD with RAP deployment

Hello,

In my lab environment I tested Aruba products. Currently I tested Remote Access Points (RAP) over IPSec.
When I deploy standalone wireless controller (VMC) and provisioning RAP on remote location everything works ok and I can connect to RAP SSID and have access to my central location where I have controller.


In another scenario I deploy 2 Mobility Masters (virtual) in VRRP and 2 Mobility Controllers (VMC) in cluster and with VRRP for AP. But if I now provisioning RAP on remote location, RAP cannot connect to my controller (via IPSec) in central location. The configuration is the same as in standalone controller.


Is this scenario with MM and MD in cluster and RAP supported in version 8.2.0.2? If it is supported, do I need to configure any additionally settings compare with standalone configuration? Do I need any special licenses for this implementation (currently I have PEF and RF Protect licenses).


I follow User Guide from Aruba support website.


If somebody have similar design scenario please help me with configuration.

Thank you.

Re: Aruba MM and MD with RAP deployment

NAT is not supported on a cluster because of how the clustering works.

You will need to assign public addresses (not ideal) so best to deploy a managed controller (not part of a cluster) just for the RAPs




Pardon typos sent from Mobile

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Aruba MM and MD with RAP deployment

Thank you Victor Fabian for answer.

 

I have another question.

If I have following design:

- 2 Mobility Masters in VRRP and 1 Mobility Controller (MD) ( Everything behind firewall) and then RAP in remote location (via IPSec).

 

Is this deployment supported or need Mobility Controller with public IP Address to work RAP on remote location?

 

Thank you.

Re: Aruba MM and MD with RAP deployment

2 Mobility Masters in VRRP and 1 Mobility Controller (MD) ( Everything behind firewall) and then RAP in remote location (via IPSec)

This is a valid design , a non cluster controller can use NAT



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Aruba MM and MD with RAP deployment

Hello,

 

I tested this design with 2 MM (in VRRP) and 1 Mobility Controller managed by Mobility Master. And then deploy RAP on remote location (via IPSec). But do not work.

 

If I have Mobility Master, did I need to configure any additionally settings to work properly?

 

Thank you.

Re: Aruba MM and MD with RAP deployment


@Victor Fabianwrote:

NAT is not supported on a cluster because of how the clustering works.

You will need to assign public addresses (not ideal) so best to deploy a managed controller (not part of a cluster) just for the RAPs




Pardon typos sent from Mobile


Are you saying you cannot have a cluster of 2 MDs for redundancy as a RAP deployment?

What is the AOS 8 redundancy solution for RAPs?


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Re: Aruba MM and MD with RAP deployment

Are you saying you cannot have a cluster of 2 MDs for redundancy as a RAP deployment?

Not saying that, you can terminate RAPs on cluster MDs but you will need to assign a public IP address to each MD because in a cluster scenario NAT is not supported

What is the AOS 8 redundancy solution for RAPs?

You can use the same Redundancy mechanisms used in 6.x with non-cluster controllers and NAT at your firewall if your environment can’t use the above




Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Aruba MM and MD with RAP deployment


@Victor Fabianwrote:
Are you saying you cannot have a cluster of 2 MDs for redundancy as a RAP deployment?

Not saying that, you can terminate RAPs on cluster MDs but you will need to assign a public IP address to each MD because in a cluster scenario NAT is not supported


Thank you

Victor Fabian

Pardon typos sent from Mobile

I have deploy 2 Mobility Master (virtual) with VRRP IP (so controller is connecting to VRRP IP address) and 1 Mobility controller (virtual) managed by Mobility Master.

And the RAP still not working.

If I deploy standalone Mobility controller (virtual). Everything works.

Do I have to configure additionally settings on Mobility Master to RAP work via IPSec on remote location.

Re: Aruba MM and MD with RAP deployment


@Victor Fabianwrote:
Are you saying you cannot have a cluster of 2 MDs for redundancy as a RAP deployment?

Not saying that, you can terminate RAPs on cluster MDs but you will need to assign a public IP address to each MD because in a cluster scenario NAT is not supported

What is the AOS 8 redundancy solution for RAPs?

You can use the same Redundancy mechanisms used in 6.x with non-cluster controllers and NAT at your firewall if your environment can’t use the above




Thank you

Victor Fabian

Pardon typos sent from Mobile

We currently only have one standalone RAP controller for 6.x.

Our 8.x plan is to have a cluster of 2 MDs., each with public IP addresses and a cluster public IP address. I assume this is supported?


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Occasional Contributor I

Re: Aruba MM and MD with RAP deployment

Hi Guys,

 

I'm curious to know if this has been addressed. Based on the design guide, NAT is not supported for RAP to terminate on cluster MCs. However, I'm puzzled as this is not very clear. What if we have one-to-one NAT rule on DC firewall which maps each MC's private IP to public and another mapping for VRRP IP? Does RAP redundancy still work (or supported) in this case?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: