Occasional Contributor II

Build wireless network with two connections

Hi to everyone 

I have an infrastructure where the internet router is separated from the core switch. We don't want to connect the internet router to the core switch, but we want to connect the internal network and the internet router to the controller to create 2 SSIDs:

1- guest taking internet from internet router 

2- internal network from the core switch 

I would like to know if we can connect the internet router to the 1st port of the controller and the core switch to the 2nd port of the controller, and if we can, what will be the default gateway and how will the routing between the 2 subnets be?

 

Re: Build wireless network with two connections

In general, customers look for isolation between corporate and guest users in this case, not routing between those. If you deploy in L2 mode, which is most common, an external router will be used to route traffic. You create (at least) two VLANs in this case, and connect the corporate SSID to the corporate VLAN to the corporate router/switch, and guest SSID to guest VLAN, to the guest router.

 

There will be no routing between those networks, unless you create a route on the corporate router and guest router (probably via a firewall).

 

If you do captive portal, you need to put an IP address on the controller guest VLAN; make sure with access-lists that the controller IP cannot be used to access the controller or services behind the controller.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Build wireless network with two connections

By the way, the physical connection will be only in the controller; there is no other physical connection between them.

Actually, we don't want to route between them. We want the external router to be isolated from the network, so we don't want to add routing in our infrastructure between them.

If I configure the first port for the corporate VLAN and connect it to our core switch,

and configure the second port for the external router and connect it to it,

 

in this case there is routing, so:

1- Will both SSIDs work fine, with corporate taking from our DHCP server and guest taking from the external router?

2- If it doesn't work, do I have to add a route between them in the controller, and how would that be?

I really appreciate it, thanks a lot.

Aruba Employee

Re: Build wireless network with two connections


@Turki wrote:

in this case there is routing, so:

1- Will both SSIDs work fine, with corporate taking from our DHCP server and guest taking from the external router?

2- If it doesn't work, do I have to add a route between them in the controller, and how would that be?

I really appreciate it, thanks a lot.


In your example, there should not be any routing between the two networks. From your use-case:

 

1st port configured for corporate VLAN and connected to core switch

2nd port configured for guest and connected to an external router

 

For simplicity, the first port is configured as an access port in VLAN1 with an IP address associated for management of the controller. The default router points to the corporate infrastructure. The corporate SSID places users in this VLAN (1). Because the corporate user is placed in VLAN 1, the corporate DHCP servers are used. Corporate users are layer 2 connected to the corporate infrastructure, without the controller acting as the default gateway for corporate users.

 

The second port is configured as an access port for a dedicated VLAN, 600, and connected to the external router. There is no IP assigned to this interface on the controller. The guest SSID places users in this VLAN (600). Guest users will need DHCP provided by the external router. The external DHCP server will also provide external DNS information to clients, so there is no dependency on corporate servers. The external router is the default gateway for guest users. The guest VLAN 600 is layer 2 connected to the external router; there is no routing between guest and corporate users at the controller.


Charlie Clemmer
Aruba Customer Engineering
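
The two-port layout from the replies above, turned into a small audit (an added example, not part of the thread and not Aruba code). The ArubaOS-style excerpt is constructed; the port names, the controller address, the gateway and the function names `parse_config` and `audit_guest_isolation` are assumptions. It flags a controller IP on the guest VLAN, which the first reply says must be restricted with access-lists when captive portal is used.

```python
import re

# Constructed ArubaOS-style excerpt, not taken from the thread. Port names,
# the controller address 20.1.1.10 and gateway 20.1.1.1 are assumptions.
SAMPLE_CONFIG = """\
vlan 600
interface gigabitethernet 1/0
   switchport access vlan 1
interface gigabitethernet 1/1
   switchport access vlan 600
interface vlan 1
   ip address 20.1.1.10 255.255.255.0
ip default-gateway 20.1.1.1
"""

def parse_config(text):
    """Return (access_ports, l3_vlans): port -> VLAN id, VLAN id -> controller IP."""
    access_ports, l3_vlans = {}, {}
    stanza = None  # ("port", name) or ("vlan", id) while inside an interface block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # an unindented line opens a new top-level stanza
            port = re.fullmatch(r"interface gigabitethernet (\S+)", line)
            svi = re.fullmatch(r"interface vlan (\d+)", line)
            stanza = ("port", port.group(1)) if port else ("vlan", int(svi.group(1))) if svi else None
            if port:
                access_ports[port.group(1)] = 1  # assumed default access VLAN
            continue
        if stanza and stanza[0] == "port":
            m = re.fullmatch(r"switchport access vlan (\d+)", line)
            if m:
                access_ports[stanza[1]] = int(m.group(1))
        elif stanza and stanza[0] == "vlan":
            m = re.fullmatch(r"ip address (\S+) \S+", line)
            if m:
                l3_vlans[stanza[1]] = m.group(1)
    return access_ports, l3_vlans

def audit_guest_isolation(text, guest_vlan):
    """List findings that would break the L2-only guest design from the replies."""
    access_ports, l3_vlans = parse_config(text)
    findings = []
    if guest_vlan not in access_ports.values():
        findings.append(f"no access port is in guest VLAN {guest_vlan}")
    if guest_vlan in l3_vlans:
        findings.append(f"controller IP {l3_vlans[guest_vlan]} on guest VLAN {guest_vlan}: needs access-lists")
    return findings
```

An empty result for VLAN 600 means the controller only bridges guest traffic to the external router and has no layer 3 presence there.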
Occasional Contributor II

Re: Build wireless network with two connections

Hi 

last question 

1st port will be access to internal network as example subnet 20.1.1.0 255.255.255.0

2nd port will be access for external router as example subnet 192.168.1.0 255.255.255.0

What about the access points' IP, if there is no routing between the 2 subnets? As the access points will serve the 2 SSIDs, either we give the access points an IP from the guest subnet or from the internal network subnet. How will we accomplish this task?

 

thank you and best regards

Aruba Employee

Re: Build wireless network with two connections


@Turki wrote:

Hi 

last question 

1st port will be access to internal network as example subnet 20.1.1.0 255.255.255.0

2nd port will be access for external router as example subnet 192.168.1.0 255.255.255.0

What about the access points' IP, if there is no routing between the 2 subnets? As the access points will serve the 2 SSIDs, either we give the access points an IP from the guest subnet or from the internal network subnet. How will we accomplish this task?

 

thank you and best regards


Under normal operation, the Access Points know nothing about the VLANs that users are connected to.

 

APs would be connected to your corporate infrastructure. They will create GRE tunnels to the controller for each SSID in use. The controller is responsible for connecting the user's data from the tunnel to the appropriate VLAN/network.


Charlie Clemmer
Aruba Customer Engineering