Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

VLAN tunneling question

  • 1.  VLAN tunneling question

    Posted Mar 26, 2014 02:23 AM

    I have two controllers ControllerA and ControllerB.

     

    ControllerA is set up with the following SSIDs

    -----------------------------------------------------------
    Internal - with VLAN pooling, PEAP authentication with Radius Server, using external DHCP server for the VLANs.
    Restricted - with VLAN pooling, Certificate based authentication using ClearPass and profile provisioned from ClearPass, using external DHCP server.
    Visitor - with VLAN pooling, Captive portal based authentication using ClearPass, using Controller and DHCP server.

     

    ControllerB is set up with the following SSIDs

    -----------------------------------------------------------
    Internal - with VLAN pooling, PEAP authentication with Radius Server, using external DHCP server for the VLANs.

     

    Requirement

    ------------------

    I would like to extend the Restricted and Visitor SSID functionalities to ControllerB with minimal configuration changes on ControllerB. I was thinking of tunneling the Restricted and Visitor SSID VLANs from ControllerB to ControllerA for this. I am expecting ControllerB to tunnel all traffic back to ControllerA, with ControllerA handling user authentication, role assignments and the DHCP function (for Visitor).

     

    Question

    ------------

    I am wondering if my understanding is correct and are there any potential issues with this setup? Thanks in advance for the help.



  • 2.  RE: VLAN tunneling question

    EMPLOYEE
    Posted Mar 26, 2014 03:27 AM

    mohsinsalimvs,

     

    Can you bridge the traffic on ControllerB to the same layer 2 VLANs as ControllerA physically? There is nothing wrong with tunneling traffic from ControllerB to ControllerA, but if ControllerA is down, so are most of the services on ControllerB...

     



  • 3.  RE: VLAN tunneling question

    Posted Mar 26, 2014 03:46 AM

    Hi cjoseph,

     

    Yes, I can use the same L2 VLANs on both sides. In this case, should ControllerA be able to handle the authentication and role assignment functions even though the clients are not attached to it directly?

     

    Thanks for the reply.



  • 4.  RE: VLAN tunneling question

    EMPLOYEE
    Posted Mar 26, 2014 06:48 AM

    Each controller would authenticate the clients that are connected to their access points separately. Controller A and Controller B would each also handle role assignment. If you use RADIUS, the source IP address of the RADIUS client would be either Controller A or Controller B when it goes to the RADIUS server.

     

    Do you have a simple network diagram of how it is set up currently?