05-02-2013 05:16 AM
I'm pretty new to Aruba systems and I'm working with a W650 controller and AP93-105.
We only have 1 controller on the main site connected with our branch offices through our VPN MPLS.
So we will have 1 or 2 APs (93 or 105) in each branch office as RAPs in bridge mode.
If I've understood correctly, a RAP in bridge mode can do pretty much everything (except captive portal) without the controller.
I have 3 SSIDs on each site with the same VLAN, only the addressing changes.
Each VLAN receives DHCP from each Cisco Core on the branch sites, and what I actually want is to have some RAPs with, let's say:
- 1 SSID for desktop users on VLAN 210
- 1 SSID for production users on VLAN 220
- 1 other SSID on default local subnet for each branch office (VLAN 1)
Each SSID uses 802.1x authentication on our replicated RADIUS server in the branch offices and WPA key.
So what I'm currently trying to do is to make this work when the controller is offline or the VPN is down.
I'm currently testing with an AP93 as a RAP. All my connections seem to work fine if the controller goes down, but if I try new authentications it simply says that it cannot connect to the network.
I put the log of the AP when I tried to establish new connections when the controller is down, and it seems to always try to reach it.
I'm surely missing something; could anyone point out what I'm missing?
Thanks in advance.
05-02-2013 02:03 PM - edited 05-02-2013 02:06 PM
The controller handles the authentication request, not the AP/RAP for 802.1X networks; therefore when the controller is not available new connections will fail as the controller is not available to do the authentication.
If you absolutely must support site survivability if the controller goes down, you can consider Instant APs or non-dot1X authenticated networks.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX