Wireless Access

Hi all,

I'm just wondering what is the best method to connect Wireless APs at branch locations which don't have a WLC to the wireless network where the master controller is at the main campus site? The branch buildings are connected to the rest of the campus network over dedicated fibre WAN links. 

Would it be better to:

1. Establish a site to site VPN to the controller between the main HQ and branch sites and configure a directly connected route on the controller?

2. Configure the APs as Remote APs?

3. Manually configure the APs at the HQ site with the master controller IP address and then physically take them to the branch site?

I'm open to any other suggestions.

Thanks in advance

Hi,

if WAN links are already in place I'd use:

4. Let APs auto discover controller by DNS or DHCP (or IGMP).

How to configure this is documented in ArubaOS User Guide, Chapter: "Access Points" --> "Enable Controller Discovery"

Regards, JH

Thanks guys,

This is the first thing that I tried and it didn't work, i.e. relied on auto-discovery, DNS, DHCP with options 43 and 60 on its own scope and VLAN. As it didn't work I thought it might have something to do with VPN tunnels or configuring as RAPs. I thoroughly checked the routing tables on the network and that the AP group for this building is the same as other AP groups which do work fine.

So far I could only get the AP to work by statically assigning the controller IP on the AP, which I agree is far from ideal.

Sounds like discovery is not successful. Put a host in that subnet and run an NSLOOKUP on "aruba-master". You should have a DNS record in place that provides the controller IP.

Sorry for late reply.

This pointed me in the right direction and I managed to get it working. I ended up adding a DNS entry on our local DNS servers for "aruba-master". 

I found this rather odd as other sites across a WAN link were working fine without this.

Maybe raise a TAC case, unless anyone here can offer a solution.

The AP console would show how the AP discovered the the controller.

Most likely, some sites may be providing controller information to the AP(s) via DHCP option 43, where that scope option was not copied/added to your new site's scope or was added incorrectly.

I prefer DNS over DHCP for discovery because of this, but there's definitely pros to each method.

If you are able to connect to the AP console while testing at the branch site, it should provide feedback on what's not working ... whether that is master discovery or if the controller is discovered by the AP can not communicate with it.

Are the AP(s) already configured as RAPs? I'm not clear from your comment, but if they are already setup as RAPs then they do not attempt master discovery, but will try to contact the statically set controller address.

Easier than you might expect. As long as AP's can discover controller then you are ready to go. VPN not needed. No need to configure AP's @HQ. 

Remote AP would be for when you do not have a dedicated WAN link and are using plain old internet access to link between controller and Remote AP.

Do not staticly assign IP's to AP's.