Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Airgroup with RAP (split-tunnel) and also L2-GRE tunnel

This thread has been viewed 1 times

  • 1.  Airgroup with RAP (split-tunnel) and also L2-GRE tunnel

    EMPLOYEE
    Posted Mar 29, 2014 09:28 AM

    Hi,

     

    I have a requirement to change some campus APs to be raps so that I can change the guest ssid to be split-tunnel.  The reason for this is that the customer has a requirement to allow guest users to be able to print to some of their corporate printers.  All the guest traffic will be tunnelled to the controller, apart from traffic for the printers which will be 'route src-nat', as below

     

    user alias printer any route src-nat
any any any permit

     

    So my question is whether or not Airgroup will still function if they decide to bring in wireless printers for the guests.  As victorfabian said here it is only for tunnel and decrypt-tunnel modes.  However, since RAP traffic sent into the tunnel to controller is decrypt-tunnel, it's not clear to me if this will work or not.

     

    And extending this idea further, some of the sites have local controllers BUT the guest traffic is sent in an L2-GRE tunnel to the Master.  The local is a 650 which doesn't support Airgroup, but the Master is a 360 which does support Airgroup.  So in this case, will Airgroup work if they put a wireless printer on for the guests.

     

    Thanks

     

     



  • 2.  RE: Airgroup with RAP (split-tunnel) and also L2-GRE tunnel
    Best Answer

    EMPLOYEE
    Posted Mar 29, 2014 10:18 AM

    The forwarding mode of the Virtual AP needs to be tunnel or decrypt tunnel for airgroup to work.  MDNS(airprint) as a protocol will not work past a nat boundary, so if there is NAT between the guest network and the printer, consider something else like Google Cloud Print.