02-23-2012 10:53 AM
We currently have a number of offices that have local controllers. These sites generally have 40 - 150 users. It has been suggested that we get rid of the controllers and just use multiple remote APs in their place to save on the cost of the controllers. Does anyone have any experience with running multiple remote APs in a branch office and some potential pitfalls? I am skeptical about having 100 users running on multiple remote APs but I am looking for any valuable input as to what may occur or what functionality we may lose.
02-23-2012 01:26 PM - edited 02-23-2012 01:36 PM
This is dependent on your network access requirements and traffic flow. Will your remote branch office users require connection back to the HQ or is all the user traffic NATed to the internet? It will be better if you can explain the user traffic flow for your current setup and what services are available at the remote site such as RADIUS, DHCP etc.
RAPs are generally recommended only for telecommuters, i.e. single AP deployments. If you have 40 - 150 users per site then RAPs are not recommended.
02-23-2012 03:33 PM
Thanks Sathya. We currently use remote APs at a bunch of WAN sites purely so we can put them in bridge mode and dump traffic locally without a local controller. All of these sites are WAN connected. If we were to configure them as campus APs with no local controller all the traffic would be coming off the controller located back at the datacenter location. It makes sense for WAN connected offices with 2 APs and 20 users for instance but I am wondering at what point or for what reasons a local controller is justified. For instance do you have controllers at every WAN site even if they are only 1 or 2 APs? It can be hard to justify the cost at site-to-site VPN offices or other small MPLS WAN connected offices.
02-24-2012 09:40 AM
- Local controllers are probably needed for regional sites that have more than 50 users. If you have sites that have 20 users and you can support them with 1 or 2 APs then you have a couple of options depending on the traffic flow.
- If the user traffic never comes back to the HQ then you can use 2 APs in bridge mode and have a local DHCP server and you are pretty much done.
- If the traffic has to come back to the corporate HQ and you don't have a private line/MPLS between your branches and HQ you can use tunnel or split-tunnel mode. Remember that roaming is not very effective between RAPs operating in split-tunnel mode.
- If you have a VPN endpoint at the branch office that can take care of the routing and IPsec, then you can use RAPs in bridge mode.
A very good alternative for sites that have up to 256 users is the Aruba Instant deployment. As long as the traffic stays local or until you have a private link to HQ or a VPN setup this is the best solution. In the Instant solution you won't need a controller even at the HQ. Currently, the Aruba Instant solution is a cluster of up to 16 APs that can operate together using the concept of virtual controller. The AP clusters can be centrally managed using Airwave. For details on how this architecture works see the Aruba Instant documentation available at support.arubanetworks.com.