Occasional Contributor I
Posts: 9
Registered: ‎05-19-2011

VLAN tunneling question

I have two controllers ControllerA and ControllerB.

 

ControllerA is set up with the following SSIDs

-----------------------------------------------------------
Internal - with VLAN pooling, PEAP authentication with Radius Server, using external DHCP server for the VLANs.
Restricted - with VLAN pooling, Certificate based authentication using ClearPass and profile provisioned from ClearPass, Using external DHCP server.
Visitor - with VLAN pooling, Captive portal based authentication using ClearPass, using Controller and DHCP server.

 

ControllerB is set up with the following SSIDs

-----------------------------------------------------------
Internal - with VLAN pooling, PEAP authentication with Radius Server, using external DHCP server for the VLANs.

 

Requirement

------------------

I would like to extend the Restricted and Visitor SSID functionalities to ControllerB with minimal configuration changes on ControllerB. I was thinking of tunneling the Restricted and Visitor SSID VLANs from ControllerB to ControllerA for this. I am expecting ControllerB to tunnel all traffic back to ControllerA, and ControllerA to handle user authentication, role assignments and the DHCP function (for Visitor).

 

Question

------------

I am wondering if my understanding is correct and whether there are any potential issues with this setup. Thanks in advance for the help.

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: VLAN tunneling question

mohsinsalimvs,

 

Can you bridge the traffic on ControllerB to the same layer 2 VLANs as ControllerA physically? There is nothing wrong with tunneling traffic from ControllerB to ControllerA, but if ControllerA is down, so are most of the services on ControllerB...

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎05-19-2011

Re: VLAN tunneling question

Hi cjoseph,

 

Yes, I can use the same L2 VLANs on both sides. In this case, should ControllerA be able to handle authentication and role assignment functions even though the clients are not attached to it directly?

 

Thanks for the reply.

Guru Elite
Posts: 21,281
Registered: ‎03-29-2007

Re: VLAN tunneling question

Each controller would authenticate the clients that are connected to its access points separately. Controller A and Controller B would each also handle role assignment. If you use RADIUS, the source IP address of the RADIUS client would be either Controller A or Controller B when it goes to the RADIUS server.

 

Do you have a simple network diagram of how it is setup currently?



Colin Joseph
Aruba Customer Engineering

