Wireless Access

Reply
Occasional Contributor II

License clarification on Guest controller

 

Do we need PEF license in DMZ  guest controller for creating user roles?

Valued Contributor II

Re: License clarification on Guest controller

Hi friend,

 

Yes we need PEF license for working with roles and policies.

 

Please feel free for any further query on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II

Re: License clarification on Guest controller

Hi Venu ,

 

Thanks for the reply.

 

We are having totally 384 AP count license and 384 PEFNG license in master controller . And in our network , we will be installing nearly 300 AP's.  I will configure the license server ip in dmz controller as master controller.So , whether the remaining PEFNG license is enough for DMZ controller to configure user policies ? Or do we need to have separate 300 PEFNG license in master controller.

Guru Elite

Re: License clarification on Guest controller

You need at least 1 PEFNG license to enable custom role functionality and then the same number of PEFNG licenses as AP licenses.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: License clarification on Guest controller

Hi Mr.Tim Cappali ,

 

Then do I need to purchase seperate 384 count pef-ng license for my dmz cntroller?

Guru Elite

Re: License clarification on Guest controller

No, as long as you have PEFNG licenses on another controller and centralized licensing is enabled. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: License clarification on Guest controller

Thanks Mr.Tim . We will configure the centralized licensing and we will test the same. By the way we are having firewall in between master and dmz controller. do we need to enable other ports than below for license transfer?

 

GRE (protocol 47) if tunneling guest traffic over GRE to DMZ controller.
- IKE (UDP 500).
- ESP (protocol 50).
- NAT-T (UDP 4500).

 

 

 

Guru Elite

Re: License clarification on Guest controller

Will it be a local controller off a master and will the master be the licensing server? If so, it will communicate over the master-local IPSec tunnel. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: License clarification on Guest controller

Hi Mr.Tim ,

 

Thanks for the reply. I have studied in the user guide that without pefng license we can able to acheive the captive portal settings and initial roles will be created automatically for captive portal.

 

Actually we want guest users get authenticate using captive portal in DMZ controller and after that they can access internet.  So do we need any other roles to be created manually in DMZ controller apart from automatic roles and policies?

 

Re: License clarification on Guest controller

in the Aruba Licencing System

 

 

 # of Active AP =  # Min Licences  (AP , PEFNG, WIPS)

 

so the best is to get

AP licences= PEFNG licences.

 

in general PEFNG licence is not requested but very recommended, and in your case it is requested (for the guest and the guest logon roles)

 

if you have more than one controller you can use Licencing server.

 

 

 


Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACCP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: