jt-
Occasional Contributor II

Wireless clean up options

Hi

I have a site that currently has a corporate SSID and a guest SSID that is tunneled back to the controller. They have vehicles that have wireless cards in them for specific applications that connect to specific SSIDs. The one can be tunneled back, the other needs to talk to a local device. This particular application needs to talk to a server that is on the local network; at this time there's no need for it to talk anywhere else. Could I use the split tunneling option for this, and are there any issues with having tunneled and split-tunneled VAPs in the same AP group?

Any Thoughts?

John

Guru Elite

Re: Wireless clean up options

What is the network between the access point at site and the controller?

Split tunneling only works with an access point that is configured as a remote AP.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
jt-
Occasional Contributor II

Re: Wireless clean up options

There's a LAN extension fibre connection. The controller and the branch site are on separate VLANs , but both are internal to the Corporate firewall.

Guru Elite

Re: Wireless clean up options

Thanks for that information.

If you want a client to get an IP address local to the AP, you would need:

- Control Plane Security Enabled

- A Virtual AP configured as "bridged"

- The VLAN that you want the client to be on trunked to every AP that SSID is connected to.

The switchports that those APs are connected to would need to be configured as trunks with the "default" or untagged VLAN as the VLAN the APs would get their IP addresses from. You would need to allow the VLAN that the clients need to be on, on those switchport trunks. Lastly, you would configure a bridged Virtual AP where the VLAN specified is the client VLAN allowed on those trunks.

Since you have a fiber connection between the APs and the controller and there should be no significant latency between the client and the server, most people would opt for the Tunneled Virtual AP and avoid having to configure switchports at a remote location. 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
jt-
Occasional Contributor II

Re: Wireless clean up options

Thanks, I'd like to use the tunneled mode. The problem is the server is at the branch site and there are handhelds that are using Windows CE and must be on the same network as the server and must be at the branch office. It looks like I have three options to choose from; I just need to pick the cleanest and easiest to maintain.

* Enable control plane security and use bridge mode for that SSID.

* Continue to use 3 separate APs/IAPs for the SSID.

* Use tunnel mode to bring it back to the controller, only NAT it possibly a couple of times to get it to work.

If I enable control plane security, is there anything I should watch out for?

thanks

John

Guru Elite

Re: Wireless clean up options

Control Plane Security is enabled by default. If it is off and you need to re-enable it, you are talking about a minimum 15-minute outage while all of your APs obtain a certificate. You can check to see if your controller has control plane security already enabled:

(Aruba7640-US) #show control-plane-security 

Control Plane Security Profile
------------------------------
Parameter                    Value
---------                    -----
Control Plane Security       Enabled
Auto Cert Provisioning       Enabled
Auto Cert Allow All          Enabled
Auto Cert Allowed Addresses  N/A

(Aruba7005-US) #
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
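An added example, not part of the original thread: a small Python check that parses the `show control-plane-security` output quoted in the reply above and reports whether the Control Plane Security prerequisite for a bridged Virtual AP is met. The function names are hypothetical, and the sample is the output from the reply, embedded as constructed test input.

```python
import re

# Constructed sample: the CLI output as quoted in the reply above.
SAMPLE = """\
(Aruba7640-US) #show control-plane-security

Control Plane Security Profile
------------------------------
Parameter                    Value
---------                    -----
Control Plane Security       Enabled
Auto Cert Provisioning       Enabled
Auto Cert Allow All          Enabled
Auto Cert Allowed Addresses  N/A

(Aruba7005-US) #
"""

def parse_cpsec(output):
    """Return {parameter: value} from `show control-plane-security` output."""
    params, in_table = {}, False
    for line in output.splitlines():
        line = line.rstrip()
        if not in_table:
            # Rows start after the two-column dashed rule under "Parameter  Value".
            in_table = bool(re.fullmatch(r"-+\s{2,}-+", line))
            continue
        if not line or line.startswith("("):  # blank line or CLI prompt ends the table
            break
        # Parameter names contain single spaces; columns are split by 2+ spaces.
        cols = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(cols) == 2:
            params[cols[0]] = cols[1]
    return params

def bridge_mode_blockers(output):
    """List reasons a bridged Virtual AP is not ready yet (empty list = ready)."""
    params = parse_cpsec(output)
    if not params:
        return ["no Control Plane Security table found in output"]
    state = params.get("Control Plane Security")
    if state is None:
        return ["'Control Plane Security' row missing from table"]
    if state.lower() != "enabled":
        # Outage figure is the one given in the reply above.
        return [f"Control Plane Security is {state}; re-enabling it means a "
                "minimum 15-minute outage while the APs obtain certificates"]
    return []

if __name__ == "__main__":
    print(parse_cpsec(SAMPLE))
    print(bridge_mode_blockers(SAMPLE) or "CPsec prerequisite met")
```
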