Wireless Access

last person joined: 16 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

License clarification on Guest controller

This thread has been viewed 0 times

  • 1.  License clarification on Guest controller

    Posted Jan 23, 2015 04:38 AM

     

    Do we need PEF license in DMZ  guest controller for creating user roles?



  • 2.  RE: License clarification on Guest controller

    Posted Jan 23, 2015 05:34 AM

    Hi friend,

     

    Yes we need PEF license for working with roles and policies.

     

    Please feel free for any further query on this.



  • 3.  RE: License clarification on Guest controller

    Posted Jan 23, 2015 12:55 PM

    Hi Venu ,

     

    Thanks for the reply.

     

    We are having totally 384 AP count license and 384 PEFNG license in master controller . And in our network , we will be installing nearly 300 AP's.  I will configure the license server ip in dmz controller as master controller.So , whether the remaining PEFNG license is enough for DMZ controller to configure user policies ? Or do we need to have separate 300 PEFNG license in master controller.



  • 4.  RE: License clarification on Guest controller

    EMPLOYEE
    Posted Jan 23, 2015 12:59 PM

    You need at least 1 PEFNG license to enable custom role functionality and then the same number of PEFNG licenses as AP licenses.



  • 5.  RE: License clarification on Guest controller

    Posted Jan 23, 2015 08:27 PM

    Hi Mr.Tim Cappali ,

     

    Then do I need to purchase seperate 384 count pef-ng license for my dmz cntroller?



  • 6.  RE: License clarification on Guest controller

    EMPLOYEE
    Posted Jan 23, 2015 08:30 PM
    No, as long as you have PEFNG licenses on another controller and centralized licensing is enabled. 


    Thanks, 
    Tim


  • 7.  RE: License clarification on Guest controller

    Posted Jan 24, 2015 09:44 AM

    Thanks Mr.Tim . We will configure the centralized licensing and we will test the same. By the way we are having firewall in between master and dmz controller. do we need to enable other ports than below for license transfer?

     

    GRE (protocol 47) if tunneling guest traffic over GRE to DMZ controller.
    - IKE (UDP 500).
    - ESP (protocol 50).
    - NAT-T (UDP 4500).

     

     

     



  • 8.  RE: License clarification on Guest controller

    EMPLOYEE
    Posted Jan 24, 2015 09:47 AM
    Will it be a local controller off a master and will the master be the licensing server? If so, it will communicate over the master-local IPSec tunnel. 


    Thanks, 
    Tim


  • 9.  RE: License clarification on Guest controller

    Posted Jan 25, 2015 02:37 AM

    Hi Mr.Tim ,

     

    Thanks for the reply. I have studied in the user guide that without pefng license we can able to acheive the captive portal settings and initial roles will be created automatically for captive portal.

     

    Actually we want guest users get authenticate using captive portal in DMZ controller and after that they can access internet.  So do we need any other roles to be created manually in DMZ controller apart from automatic roles and policies?

     



  • 10.  RE: License clarification on Guest controller

    Posted Jan 25, 2015 04:03 AM

    in the Aruba Licencing System

     

     

     # of Active AP =  # Min Licences  (AP , PEFNG, WIPS)

     

    so the best is to get

    AP licences= PEFNG licences.

     

    in general PEFNG licence is not requested but very recommended, and in your case it is requested (for the guest and the guest logon roles)

     

    if you have more than one controller you can use Licencing server.

     

     

     



  • 11.  RE: License clarification on Guest controller

    EMPLOYEE
    Posted Jan 25, 2015 08:57 AM
    Then no, you don't need PEFNG. 


    Thanks, 
    Tim