Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Captive portal traffic on local controller

  • 1.  Captive portal traffic on local controller

    Posted Mar 05, 2018 02:14 PM

    Hello

    I have the following scenario.

    The client has 1 master and 1 standby controller in the datacenter.

    They have local controllers at many different sites.

    Right now they have a DMZ in the data center, and the guest users go to the internet through the datacenter.

    The problem with this is that it consumes the BW of the links between the local sites and the data center.

    So now they want to put an internet connection at each site. They will have a firewall at each local site with an internet connection on it, and they want each site to go to the internet using its local internet.

    I thought I could do this with ClearPass, which will assign a VLAN depending on which site the user is at.

    For example:

    site A will have VLAN 200 configured on its local controller

    site B will have VLAN 201 configured on its local controller

    site C will have VLAN 202 configured on its local controller

    VLAN 200 will exist only at site A.

    Do I need to create a GRE tunnel between the master and the local site A controller and make this VLAN 200 exist on the master controller?

    If it's like that, will all my traffic go to the master controller?

    What we want to achieve is that the guest users do not consume the BW of the point-to-point links between the datacenter and the local sites.

     

    Cheers

    Carlos

     



  • 2.  RE: Captive portal traffic on local controller

    EMPLOYEE
    Posted Mar 05, 2018 02:27 PM


  • 3.  RE: Captive portal traffic on local controller

    Posted Mar 05, 2018 02:36 PM

    Hello Collin

    Is it not possible to do it the way I am proposing?

    Each site will have its own guest VLAN.

    For example:

    site A will have VLAN 201

    the default gateway of VLAN 201 will be only at site A, and VLAN 201 does not exist at site B or site C

    site B will have VLAN 202

    the default gateway of VLAN 202 will be only at site B, and VLAN 202 does not exist at site A or site C

    My question is, if I do it this way, do I need to create these VLANs on the master controller? I mean, the captive portal will be using the local controller IP address, I believe, and not the master controller IP address on that VLAN, as far as I understand.

    For example, if a user at site A connects, he will get an IP address from VLAN 201. Let's say it's 192.168.201.50.

    The default gateway is 192.168.201.1, which is on a firewall at site A.

    The local controller will have an IP on that VLAN, let's say it's 192.168.201.254.

    The user, I believe, will be redirected to 192.168.201.254, right?

    Or do I need to create an IP address on the master controller on that VLAN, so that the user gets redirected to the master controller IP address on that VLAN 201?

     

    Cheers

    Carlos

     

     



  • 4.  RE: Captive portal traffic on local controller

    EMPLOYEE
    Posted Mar 05, 2018 03:07 PM

    To assign a different VLAN per controller/site you can use named VLANs.  Your SSID will have the Virtual-AP vlan of "guest" for example.  Each local controller will have guest defined as the VLAN number that corresponds to that site.

     

    If you can simply place guests on a VLAN where the default gateway is that of a cable modem, for example, that is pretty much all you need to do.  If the default gateway on that guest VLAN does not point to that other ISP, you need to use policy based routing.
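
The named-VLAN setup described in reply 4, sketched as an added example that is not part of the original thread or vendor documentation. It uses ArubaOS 6.x-style CLI, takes the site A = 201 and site B = 202 VLAN IDs from the question above, and assumes a master/local deployment where the VLAN name is global configuration and the name-to-ID mapping is set on each local controller; the virtual AP profile name `guest-vap` is hypothetical.

```text
! Master controller (global config): define the VLAN name and use it in the guest virtual AP
! "guest-vap" is a hypothetical profile name
vlan-name guest
wlan virtual-ap "guest-vap"
   vlan guest

! Local controller, site A: map the name to the site's own guest VLAN
vlan 201
vlan guest 201

! Local controller, site B: same name, different VLAN ID
vlan 202
vlan guest 202
```

With this mapping the same SSID can be broadcast at every site while guests land on the VLAN whose default gateway is that site's firewall.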



  • 5.  RE: Captive portal traffic on local controller

    Posted Mar 14, 2018 12:05 PM

    If I wanted the same SSID everywhere, would this not be possible? I was asking this because the initial role will always have a VLAN, for example 999, no matter the site...

    I would need to change the VLAN when the user authenticates, and I don't know if that would work...

    If we need the same SSID everywhere, is it possible to do this somehow?



  • 6.  RE: Captive portal traffic on local controller

    Posted Mar 14, 2018 12:20 PM

    OK, I re-read your message.

    So it's possible to create a named VLAN on each local controller?

    I thought you could only configure that on the master controller. You can configure named VLANs on each local controller?

     

     



  • 7.  RE: Captive portal traffic on local controller

    Posted Mar 14, 2018 05:16 PM

    Okay, I just saw how to do it.

    Thanks Collin

    I like the named VLAN option... I guess I can work with this!

     

    Cheers

    Carlos



  • 8.  RE: Captive portal traffic on local controller

    Posted Mar 14, 2018 05:43 PM

    Just a last question.

    If I have a master controller in the datacenter

    and a local controller at site A,

    and a user connects to an AP at site A, and that AP terminates its tunnel on the controller at site A:

    How much BW will it consume on the private link between site A and the datacenter?

    I guess the controller will send the info of the connected user to the master controller and that's it, and that's almost no usage of that link.

    Am I right?

    I want to know this because the main reason we are changing the design of everyone going to the internet through a DMZ controller in the datacenter is that right now it is putting heavy traffic on that private link, and most of that traffic is guest user traffic. And I want to be sure the private link won't be loaded with heavy traffic.

    Cheers

    Carlos