Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Internal Networks (Servers) need to be blocked for Guest Users

  • 1.  Internal Networks (Servers) need to be blocked for Guest Users

    Posted Mar 05, 2018 03:33 PM

    Dear Team,

    Aruba controllers are new to me.

    Recently we have purchased an Aruba 7010 controller, AP 325 (5 qty) and 5 AP and PEF License.

    We need to publish 2 SSIDs (Office & Guest) (VLAN 50: Users SSID, VLAN 60: Guest SSID); the controller and AP management networks are the same, on VLAN 100.

    Our requirement is to manage the wireless users' traffic: the internal network should be blocked for wireless Guest users, with only internet access available; for office wireless users, access to some internal servers also needs to be blocked, while the remaining servers and the internet need to be accessible. So we need to create firewall rules and map them to a particular SSID.

    To achieve our requirements, where do we need to configure the guest, office and controller network gateways? Could someone clarify whether they should be on the controller, or can we configure them on our existing core switch?



  • 2.  RE: Internal Networks (Servers) need to be blocked for Guest Users
    Best Answer

    MVP EXPERT
    Posted Mar 06, 2018 03:51 AM

    You can configure each VLAN on the controller in either Layer 2 mode (controller has no L3 interface in the VLAN) or in Layer 3 mode (the controller does have an L3 interface in the VLAN). If you are using a Captive Portal with the Guest access then you will need an L3 interface on the Aruba controller. Unless you are doing any L3 traffic inspection (such as src-nat etc.) on the Corporate traffic, have the clients' default gateway be your core switch and the controller interface in L2 mode.

     

    As for restricting access for Guest users, simply create an ACL within the User Role to deny access to your internal network.

     

    Take a look at the VRD below to understand the fundamentals.

     

    https://community.arubanetworks.com/t5/Validated-Reference-Design/Aruba-Mobility-Controllers/ta-p/155472
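
An added configuration sketch of the approach in the answer above (a session ACL attached to the guest user role); it is not part of the original post and not taken from the linked VRD. The names `internal-networks`, `guest-internet-only` and `guest-role`, the RFC 1918 ranges and the DNS server address 10.0.0.53 are constructed assumptions, and the syntax follows ArubaOS controller CLI conventions that should be checked against the running release.

```text
! Constructed example: guest role limited to internet access.
! Session ACL rules are evaluated top-down and the first match wins,
! so the specific permits and the internal deny must come before
! the final permit.

! Alias covering the internal address space (assumed to be RFC 1918).
netdestination internal-networks
    network 10.0.0.0 255.0.0.0
    network 172.16.0.0 255.240.0.0
    network 192.168.0.0 255.255.0.0
!
ip access-list session guest-internet-only
    ! Stop guest clients from answering DHCP requests themselves.
    user any udp 68 deny
    ! Let guests obtain an address.
    any any svc-dhcp permit
    ! Allow DNS only to the resolver guests are handed
    ! (10.0.0.53 is a placeholder for an internal resolver).
    user host 10.0.0.53 svc-dns permit
    ! Block everything else destined to the internal networks.
    user alias internal-networks any deny
    ! Whatever remains is internet-bound traffic.
    user any any permit
!
! Attach the ACL to the role assigned to Guest SSID users.
user-role guest-role
    access-list session guest-internet-only
```

If the internal deny were placed after `user any any permit`, it would never be reached and guests would keep access to the servers. The office role can follow the same pattern with an alias listing only the restricted servers.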



  • 3.  RE: Internal Networks (Servers) need to be blocked for Guest Users

    Posted Mar 06, 2018 04:12 AM

    Dear zalion0,