Occasional Contributor I

Communication between clients on Tunneled SSID without tunnel round-trip

We want to do a wireless setup as follows:

We have an Aruba 7005 wireless controller with multiple 205 access points.
We have 1 'internal' SSID (bridges to the local LAN) and 1 'guest' SSID (separate VLAN, tunnels to the controller).

We have wireless presentation systems (wepresent) connected to the wireless guest network (as wifi clients), and customers can connect to the guest network with their notebook and auto-discover and use the presentation system (auto-discovery is possible when in the same VLAN).

The problem is that all the traffic between clients on the same SSID on the same Access point is doing a round trip to the controller. In our main (HQ) office this is not a problem (our controller is located here). In the remote offices we want to do the same setup but we can't make the traffic make a round trip because of a slow line between the branch office and the HQ office.

Does somebody know if there is a possibility to let clients on a tunneled SSID talk to each other without traffic going up and down the line to the controller? And if so, how to do this?

regards.

Guru Elite

Re: Communication between clients on Tunneled SSID without tunnel round-trip

You would need to use bridge mode. 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Communication between clients on Tunneled SSID without tunnel round-trip

You should change your virtual AP to decrypt tunnel.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Communication between clients on Tunneled SSID without tunnel round-trip

The problem is that we can't use bridge mode for the 'guest' network because we need to tunnel it to our HQ office.

Occasional Contributor I

Re: Communication between clients on Tunneled SSID without tunnel round-trip

I already tried the decrypt tunnel but without success. Traffic still does a round trip to the controller.

Guru Elite

Re: Communication between clients on Tunneled SSID without tunnel round-trip

You could make your AP a Remote AP, make the VAP split-tunnel, but make the ACL for the role "allowall" to simulate a tunneled SSID. You would then turn on "Rap Local Network Access".

http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Remote_AP/Advanced_Configuration_O1.htm?Highlight=RAP Local Network Access

The idea is that making an AP a RAP and having the VAP as split tunnel will push the firewall to the RAP, where it can make routing decisions, because the traffic is decrypted. Turning on RAP local network access will allow it to make decisions based on devices that are connected to that RAP.



Colin Joseph
Aruba Customer Engineering
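
The setup described in the reply above, sketched as ArubaOS 6.x CLI. This is an added example, not part of the thread or Aruba's own configuration; the profile, role and group names, the ESSID and VLAN 20 are hypothetical, and it assumes the AP is already provisioned as a Remote AP.

```text
! Constructed example: all profile/role/group names, the ESSID and the
! VLAN ID are hypothetical. Assumes the AP 205 is already provisioned as
! a Remote AP and placed in the AP group at the bottom.

! Guest role carries the "allowall" session ACL, so the split-tunnel VAP
! behaves like the tunneled SSID it replaces.
user-role guest
   access-list session allowall
!
aaa profile "guest-aaa"
   initial-role guest
!
wlan ssid-profile "guest-ssid"
   essid "Guest"
!
! Split-tunnel pushes the session firewall down to the RAP, where the
! decrypted traffic can be evaluated on the AP itself.
wlan virtual-ap "guest-vap"
   aaa-profile "guest-aaa"
   ssid-profile "guest-ssid"
   vlan 20
   forward-mode split-tunnel
!
! Lets clients attached to the same RAP reach each other locally instead
! of hairpinning through the controller.
ap system-profile "branch-rap-sys"
   rap-local-network-access
!
ap-group "branch-rap"
   virtual-ap "guest-vap"
   ap-system-profile "branch-rap-sys"
```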


Re: Communication between clients on Tunneled SSID without tunnel round-trip

We use the same method Colin described and it works beautifully.


Occasional Contributor I

Re: Communication between clients on Tunneled SSID without tunnel round-trip

Thanks! This works.

Only one new problem: the throughput from the 205AP to the controller is 8Mbps and from the controller to the AP 12Mbps. Is this normal behaviour when using RAP (VPN tunnel)?

 

regards 

Guru Elite

Re: Communication between clients on Tunneled SSID without tunnel round-trip

What is between the AP and the controller?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor I

Re: Communication between clients on Tunneled SSID without tunnel round-trip

At this moment a Gigabit LAN (I did the setup in the internal network of our main office, later on we will use the tunneling from an AP in a remote office to the controller in the HQ office).

Controller is a 7005

I did not create any ACL, inter-client communication without tunnel round-trip is working 'out of the box' when enabling the RAP and choosing split-tunnel.
