08-15-2012 04:03 AM
I'm guessing this number is high. We currently have four (4) GRE tunnels built from a variety of controllers 800's, 600's, 3000's, and 6000's to support our guest infrastructure. In addition, each AP forms a dynamic tunnel with the controller per each SSID. In our larger deployments, it is not abnormal for us to see 100's of these tunnels built. I would suggest reading the VRD's to assist so your network can scale.
08-15-2012 04:22 AM
So we are working on a couple of things right now.
We control our captive portal traffic through a GRE tunnel back to a central location so we can force the traffic to go through a filtered proxy, unauthenticated. We are looking to add another 100+ controllers this year that builds on the current couple hundred controllers with GRE tunnels already, so I am contemplating adding another controller with a couple of 100 tunnels to it like a concentrator for our iPhone deployment so we can do the same thing with that traffic, since not everything in and on the iPhones is proxy aware.
That briefly sums it up but the reason I ask is more for the one that defaults the traffic to proxy for web traffic to be filtered, since it is more like the end point for all the controllers...I suspect I can terminate them to a Cisco router, but would prefer to make the concentrator an Aruba controller.
08-15-2012 04:26 AM
Ok, so it sounds like a similar deployment as ours. All of our guest traffic terminates back at a DMZ device which goes through a similar inspection process. We have four (4) tunnels per controller for different functions and we also have several hundred controllers. The terminating controllers are a 3600 pair and handle over 500+ GRE tunnels like a champ! These controllers are used only to terminate GRE tunnels and provide guest access however - they do not service AP's.