Afternoon chaps
We're about to embark on an SD-WAN PoC on a few of our remote offices. During the PoC we want to test our existing Aruba Wi-Fi SSIDs for Corporate (802.1X) and Guest (PSK/Captive Portal) in the SD-WAN connected branch. Some background on our existing setup is:
- Wireless Controllers and ClearPass located in Data Centres
- Existing remote offices connected to DC via Private MPLS, APs in those locations in CAP tunneled mode as there is no NAT involved.
When we carry out the PoC our branch office will be connected to our Data Centre by Internet and MPLS. The SD-WAN device will provide an 'IPSec overlay' across these transports to a head end SD-WAN device in our Data Centre. For both our SSIDs we will need to tunnel the authentication traffic back to our main Data Centre and then after authentication either break out user traffic in the branch locally (e.g. Local Internet Breakout) or send it back to the main Data Centre. As there is a requirement here to 'split' the traffic, does that rule out the Campus AP option from the start? If so, to support the 'split' of traffic the other option is Remote AP in 'split-tunnel' mode as 'bridge' mode doesn't give the option to switch the traffic to the Data Centre.
I'm sure there will be other questions after the discussion is started. Of course the other option would be to deploy a local controller in the branch!
Many Thanks
Glynn