Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Multiple sites (Branch offices) deployement with Aruba "Questions"

This thread has been viewed 4 times

  • 1.  Multiple sites (Branch offices) deployement with Aruba "Questions"

    Posted Sep 21, 2016 12:33 PM
      |   view attached

    Hello community,

     

    For one of our projects, i have to figure out how to manage multiple aruba access points destributed over multiples sites; i have seen the cloud based solutions, but i prefer to manage the hardware myself, and i tend to avoid the IAPs. I can explain my situation by the following example :

     

    HQ with the Datacenter and the master controller, RADIUS Server and 10 AP.

    Branch site 1 : Slave controller (is it necessary?) and 12 AP.

    Branch site 2 : Slave controller and 8 AP.

    Branch site 3 : Slave controller and 20 AP.

     

    What solutions do i have for centrelized management of all APs in all branch sites? knowing that all of the sites have ADSL Internet links with dynamic public IP.

     

    The image below shows, more or less, the architecture i try to achieve.

     

    Best regards,

    Abdou Balladi



  • 2.  RE: Multiple sites (Branch offices) deployement with Aruba "Questions"

    EMPLOYEE
    Posted Sep 21, 2016 01:39 PM

    Are all the networks routable between sites?  If yes, Airwave would be the answer to manage your controller-based deployment.  If not, either Airwave and instant (Airwave can manage IAPs behind a DSL router) or Aruba Cloud and Instant IAPs would be the ony way you can get a single pane view of your network with non-routable subnets that are behind an ADSL device.

     

    If you had only maybe one or two APs at a site, you could make them remote APs and terminate them on a controller at your datacenter.  Your limitation in this strategy is how many ipsec tunnels your ADSL router would support going back to the datacenter over the internet.



  • 3.  RE: Multiple sites (Branch offices) deployement with Aruba "Questions"

    Posted Sep 21, 2016 02:16 PM

    Hello cjoseph,

     

    Thank you for your quick response.

     

    There is no routing between the sites, concerning the VPN, would the ipsec tunnel work even if all the DSL Router are PPPoE Links with dynamic adresses? so the VPN would be between the DSL routers not the controllers?

     

    About AirWave if its in the Datacenter, can it manage all IAPs in all sites? and still have one panel for all? and does it need link configuration between sites or i only need to connect the IAP to the internet and the devices do the rest?

     

    Sorry for asking so much questions, and thank you.

     

    Regards,

    Abdou Balladi

     

     

     



  • 4.  RE: Multiple sites (Branch offices) deployement with Aruba "Questions"

    EMPLOYEE
    Posted Sep 21, 2016 02:29 PM

    You can certainly do a dynamic ipsec site to site VPN between your controllers and your main site, but it would be yet another piece to manage.  The easiest way to do this is to allow Instant APs to point to Airwave that has a public address (Static 1:1 NAT or just public address).  Instant devices can be monitored and managed over the internet this way easily.

     

    Please check out the Aruba Instant Validated Reference Design here: http://community.arubanetworks.com/t5/Validated-Reference-Design/Aruba-Instant-Validated-Reference-Design/ta-p/258782

     

    the VRD will talk about Instant APs that terminate on Aruba Controllers, but that is optional for when user traffic will be tunneled back to the datacenter.  If all traffic is pretty much localized to the site, you can have Instant APs talk to Airwave on port 443 over the internet with no problem.