Occasional Contributor II
Posts: 18
Registered: ‎11-18-2015

Mobility Domains and Controller Tunnels

Hey all,

I've got a client with a setup that I need a bit of help with, and wanted to see if anyone had run into something like this before.

Long story short, they would like to have someone from, say, Tucson, who travels to the Dallas office, to be able to connect to the network and terminate to their Tucson controller and network. I looked at setting up mobility domains, but I can't really find a comprehensive guide. The controller environment is such that there are two big controllers in a master primary - master backup VRRP / master-redundancy feeding local controllers in a number of locations. I'd rather not build a bunch of L2 tunnels for every location from the master-master cluster. Also, they'd like to use named VLANs for every location, so when ClearPass does its authentication, it can do a derivation and dump them off on their correct controller.

Any ideas?

Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Mobility Domains and Controller Tunnels

Why can't you let anyone route their traffic to Tucson if needed? That way, they don't have to have a specific IP address to obtain resources. An IP address is just what a user has temporarily so that user can send and receive traffic. Any other way and you are setting layer 2 tunnels to and from anywhere. You should instead solve this at the network level.

Mobility domains are only useful for users that want to roam between controllers where there is overlapping wifi between the two. Your current situation cannot be solved using mobility domains.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 18
Registered: ‎11-18-2015

Re: Mobility Domains and Controller Tunnels

Wouldn't work that way. All of the sites are separate islands, so to speak.
Guru Elite
Posts: 21,279
Registered: ‎03-29-2007

Re: Mobility Domains and Controller Tunnels

How would sites communicate without wireless?



Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 18
Registered: ‎11-18-2015

Re: Mobility Domains and Controller Tunnels

Via routing and named vlans. But how would controller B know that user A, when at location B, needs to terminate to controller A without mobility home agent / foreign agent assignments using IP mobility?
MVP
Posts: 314
Registered: ‎04-03-2014

Re: Mobility Domains and Controller Tunnels

Why do you need the user who travels to terminate on their home controller? Do they access resources that only those networks at their home location are able to reach?

If you want to keep access separated, you might want to use the Aruba roles instead, so that a user from location A still gets role A when at location B but will have an IP address from location B during the visit.

This needs underlying connectivity/routing/firewall configuration to allow that kind of communication between the sites as well.

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Occasional Contributor II
Posts: 18
Registered: ‎11-18-2015

Re: Mobility Domains and Controller Tunnels

Thanks, Christoffer. Yes, each site is a separate island, so we needed to only terminate the user at their home controller. We accomplished this using VIP to VIP tunnels and assigned a VLAN to a specific role, and then derived based on certain conditions in ClearPass.

Thanks for the assistance.
