Wireless Access

Reply
MVP
Posts: 1,405
Registered: ‎05-28-2008

Q: RAP in remote site connected to trunk ..two different gw

[ Edited ]

Hi Guys,

 

I have a small technical question - to understand if what my client would like to achieve is possible.

 

Here is a small diagram - please focus on the remote site:

 

Drawing1.jpg

 

Let's say I deploy there a RAP unit and connecting it to a TRUNK port (native vlan= enterprise).

I would like to configure two ssid: 1 for the enterprise - using full tunnel - back to the main site.

                                                             2 for the guest - using the 2nd vlan that tagged on that vlan (on the remote site)

 

*the controller on the main-site only knows the 1 (enterprise vlan) the 2nd vlan is only seen on the remote site*

can it be done?

 

Because bridge mode..isnt fitted to this kind of solution

split-mode also mint fit to this need.

 

please advise.

 

thanks ,

 

me

 

My idea was instant on the remote-site that will do vpn in front of the controller

and also will be connected to the ADSL gw.... But my client would like to use DHCP fingerprint and some other featuers that are available only in a controller.

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Q: RAP in remote site connected to trunk ..two different gw

I believe you can do a wired port in bridge mode off the RAP.  That isn't the problem.  Instant would also work but what is the use case for DHCP fingerprinting as Instant supports that??

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Q: RAP in remote site connected to trunk ..two different gw

[ Edited ]

my RAP units are 105 (only 1 port ) that will be connected to the trunk port on the remote site.

vlan X = enterpsie - SDH gateway from remote to main site
vlan z = guest - ADSL gateway to the internet (a vlan that isnt located and seend on the main site)

two diffrent vlans on the remote site...

please advise.

forget about the instant - its was just an idea..that i left..i need it to be full controller base solution

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Q: RAP in remote site connected to trunk ..two different gw

Not possible with the 105.  (only one port).  Again...why not Instant?  I wouldn't discredit that solution vs. a "full controller" based approach.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Q: RAP in remote site connected to trunk ..two different gw

AP-105 = 1 port..so? i will configure the port on the switch in the remote site as TRUNK. (and i will configure both vlans on that port + naitve vlan)

 

Instant wont fit - because my client would like to use DHCP fingerprint and user devriton roles. - and controller all sites and configuration from the main controller.

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Q: RAP in remote site connected to trunk ..two different gw

I need to know if it's possible to transmit a vlan on the ssid of the remote ap that dosent get to the controller itself (in any method except tunnel)

please look on the diagram.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Q: RAP in remote site connected to trunk ..two different gw

First, let me refute the instant solution objections:

 

1. You can manage with an Instant UI on Airwave centrally.

2. Instant supports user derivation rules with DHCP fingerprinting

 

Now...on that trunk port idea...I don't think it will work...what VLAN will the IPSec tunnel traverse? I just don't see it happening.  Take a RAP3 or RAP155 and we can have a different discussion possibly.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Q: RAP in remote site connected to trunk ..two different gw

Yes...you can transmit an SSID in bridge mode (vlan which doesn't get to controller) BUT you have an instance here of wanting to change e0 on a RAP and that isn't allowed.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Q: RAP in remote site connected to trunk ..two different gw

1. already known.

2. from which version?

--------------------------

 

on the trunk port...the native vlan will be the enteprise vlan and trough this the ap will do ipsec to the controller.

AP135 will also fit. ( i tought it's possiable ap collecting all the vlans on his trunk port to the controller for wip/rfp so......tunnel to the enteprise vlan and split tunnel to a diffrent vlan on the remote site - that only his tag number will apper on the controller)

 

u gave me an idea - soo... i will deploy only instant based solution all over the enteprise.

all i need is an AirWave + Turnked ports (of both vlans) ...no controller need for dhcp fingerprinting and user devertion roles.

right?

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Q: RAP in remote site connected to trunk ..two different gw

aware to that :) i have a lot of diffrent rap's deployments in diffrent methods...bridge mode will not fit to this kind of solution because we speaking on two diffrent vlans! two diffrent gw on the remote site.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: