07-13-2015 04:44 AM
in on of my projects i need to have public access for specific users (let's call them "guest") send to dedicated ADSL.
this is multi location deployment with two master/local 7220s and pair of small 7030 to be used as anchor set for "guests".
note - access points are in over 20 locations that are connected using L3 to core locations. (let's call them "datacenters")
main controllers are in two datacenters (L3 in between) and pair of 7030 is in third location.
7030 do have mgmt access over intranet as well as direct connection to firewall for "guest" traffic with VRRP (DMZ zone)
I'm looking for some advice on configuration of 7220s and 7030 to have proper routing for any of the "guests" users that may connected at any location.
traffic flow for "guests" should be from any AP thru one of main controllers and then send to 7030 for discharge in to DMZ/ADSL.
Any help is appreciated.
07-13-2015 05:07 AM
Please take a look at the article here: http://community.arubanetworks.com/t5/Aruba-Soluti
The controller models do not really matter.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
07-22-2015 04:34 AM
i would like to get more details on GRE in my scenario
as i mentioned above, i have two main controllers in L3 mode and two anchor in HA
how many tunnels are needed from-to each controller?
how tunnels should be configured to have proper path/flow?
lets put some IPs and get scenarios
WLC1 - 10.0.1.1
WLC2 - 10.0.2.0
anchor1 - 192.168.1.2
anchor2 - 192.168.1.3
VRRP for anchor 192.168.1.1 (priority 200 for anchor1)
flow - may come from each of the WLC independently (AP groups)
q1) how many tunnels are needed PER each WLC?
- ONE towards VRRP IP? two to each anchor? how system will know which path is correct?
q2) how many tunnels are needed on anchor devices? what should be source IP of that tunnel? VRRP?
Or possibly tunnel groups are required? Is there a mechanism to have priority on specific tunnel?