Wireless Access

Hi community,

 

I want to set up a split tunnel ssid on my APs.

We ´ve a 650er Controller running with AOS 6.4.0.3 on it.

I´ve some 105APs and 135APs running.

All my SSIDs working fine but I don´t get the split tunnel SSID up and running.

 

I´ve create a new SSID I configerd it like this:

http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Remote_AP/Split_Tunneling.htm

 

When I set the SSID in the virtual ap profile to split tunnel, the ssid is not broadcasting any more.

Need help. Anyone an idea?

 

Thanks

split-tunnel mode is only available for RAPs.  I am guessing that the AP is still a campus AP, which is why the ssid is not coming up.

 

Try to reprovision the AP as a RAP.

Hi,

 

Split tunnel will work with RAP only. are you trying to bring up APs as RAP ? or CAP ?

 

Please feel free to comeback on this.

Is there a solution for this, I want a local breakout for this ssid?

you need to provision the AP as a RAP.  If you want all traffic to breakout locally, you can make the ssid bridge, but beware, you need to have cpsec enabled in order to do that.  Enabling cpsec will make all of your aps recertify and cause an outage.

 

What´s about bridge mode? Is it also only for RAPs?

Bridge mode can be used in campus or remote APs but requires control-plane
security (CPSec) to be enabled.

Ok, thank´s guys. But there is a problem, at the moment I´ve 2 SSIDs on the APs a Enployee and a Guest SSID. The Guest SSID needs the Controllers Captive portal. When I change the Employee SSID to bridge the guest don´t work with captive portal right?

Correct

Ok, thanks.

It means the bridge ssid configuration set the complete AP in bridge mode with all ssids on it.

 

when you set bridge, it is only applied to the VAP you are changing.

 

You can have a combination of several ssids with different forwarding modes.

Ok, thanks,

So I can set up a Employee ssid in bridge mode and a guest ssid in tunnel mode on the same ap right?

Have you a set up guide or a step by step guide to set up a ssid in bridge mode?

So I can set up a Employee ssid in bridge mode and a guest ssid in tunnel mode on the same ap right?  --> Yes

 

Have you a set up guide or a step by step guide to set up a ssid in bridge mode?  --> Good place to start is the RAP design guide here.

 

To make an ssid to be bridged.

forward-mode bridge
no broadcast-filter all
no broadcast-filter arp

 

But i want to use the APs as Campus APs not as RAPs

I Bridge mode only supported on RAPs? 

I test it, but the ssid is not broadcasting on my aps!

It is allowed on Campus APs if you have control plane security enabled on your controller.

Do you have control plane security (CPSec) enabled?

now it is enabled and the ssid is broadcasting, but i don not get an ip adress when i try to connect

Does the local subnet have a DHCP server or DHCP relay configured?

Yes, I tested it in a extra vlan, there is a dhcp relay in the vlan and the dhcp works fine for the ssid in tunnel mode...

What can I test next?

Tunnel mode goes back to the controller and will DHCP from either the controller or upstream.

You need DHCP in the local subnet where the AP is connected.


Thanks,
Tim

yes, there is a dhcp in the subnet, the lan connected clients does dhcp in this subnet, and the AP get a IP in this subnet, too.

Leon123,

What is your ACL for split users..?

Sorry i found my mistake.

I must put the vlan id 1 on the ssid configuration to use the untagged vlan the AP is connected to.

Sorry guys, shame on me ;-)

HI,

 

This is for Campus AP :). when you bring up a VAP in Bridge mode, there will not be any GRE tunnel terminating on the controller hence whole traffic from the SSID with bridge mode will be locally bridged to the uplinked switch.

Hope you got some clarity on this.