Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Remote AP (RAP) deployment: advice is needed.

This thread has been viewed 3 times

  • 1.  Remote AP (RAP) deployment: advice is needed.

    Posted Apr 05, 2017 09:49 AM

    Hello.

     
    I want to ask an advice from you.
     
    Here is the description of our situation:
     
    We have Aruba WiFi infrastructure here in our company (Aruba 7205 wireless controller and Aruba AP-315 access points). And now we have a task to deploy several Remote Access Points in branch office. I've studied the documentation and have done some testing, I've got familiar with basic RAP deployment case when all traffic from branch office is going into the tunnel from RAP to Controller-at-the-main-office, have read about the case when some traffic goes to local Internet link at the branch office while some other traffic - to tunnel to main office (split-tunneling). 
    But it's not our case. 
     
    In our case we want to have several SSIDs in branch office (like "Corporate" and "Guest"), a bunch of VLANs there (in fact, we already have VLANs there), and we want our users there to be authenticated by controller, RAP configuration managed from controller, but upon user successful login, user should get proper local VLAN (i.e. - branch office VLAN) and user's network access should use local network environment, w/o tunneling to main office.
     
    In other words - we want to have management/AAA of all users and access points to be done at main controller; but then - user traffic should use local network, should use different SSIDs and different VLANs.
     
    Is it possible to configure RAP in this way?
    If so, could you please advice how to do this, or link a guide for such deployment scenario?
     
    Thank you in advance.
     


  • 2.  RE: Remote AP (RAP) deployment: advice is needed.
    Best Answer

    Posted Apr 11, 2017 01:48 AM

    Hi Lurii,

     

    We can make use of bridge mode setting in the VAP profile to accomplish the requirement.

     

    In bridge mode, authentication traffic is sent back to the controller, however the user traffic will stay local.

     

    If the user vlan needs to be different than the RAP vlan, then AP needs to be connected to a trunk port which allows client vlans through it.

     

    Client will get the IP address from the DHCP server present on the same network as the AP.

     



  • 3.  RE: Remote AP (RAP) deployment: advice is needed.

    Posted Aug 03, 2017 05:27 AM

    Hi Nitesh.

     

    Your advice about "AP should be connected to port in trunk mode" was really useful. Actually, this was the very point I've stuck in.

    After port settings was changed to trunk all other pieces of configuration stick together and RAP started to work as expected. 

     

    Thank you very much for your advice =)

     

    PS: Sorry for late reply.