Controllerless Networks

 View Only
last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Central and Remote Office

This thread has been viewed 11 times

  • 1.  Central and Remote Office

    Posted Jan 14, 2021 05:23 PM
    Good afternoon - we are migrating from Controller to Central.  Going pretty smoothly until we reached an issue we need suggestions on.  With controller, we had RAPs installed at the President House broadcasting SSIDs there.  RAPS connected to external IP of controller and worked like a charm.  Obviously, not that easy with Central esp. since we are planning on getting rid of controller.  We installed AP-505s at house and they came up in Central and all looked good but that is it.  Users in house cannot connect to SSIDs or anything on campus so we are being told we have to create VPN tunnel and and make changes to ClearPass (auth source).  Hard to believe Aruba would not make this process simpler so looking for guidance.  Thank you

    ------------------------------
    David Mattox
    ------------------------------


  • 2.  RE: Central and Remote Office

    EMPLOYEE
    Posted Jan 14, 2021 11:31 PM
    Hi,

    I suggest to check this link https://help.central.arubanetworks.com/latest/documentation/online_help/content/gateways/cfg/micro-branch/iap_vpn.htm (There is a IAP-VPN solution guide at the end which might be helpful).

    If your remote sites need to reach corporate resources, you either need to have a VPN already established from the remote sites to HQ or the IAP can establish a VPN back to your controllers in HQ..

    ------------------------------
    Ayman Mukaddam
    ------------------------------

    Original Message


  • 3.  RE: Central and Remote Office

    EMPLOYEE
    Posted Jan 18, 2021 04:17 AM
    You just mentioned one of the benefits of having a controller as in no need to extend VLANs to the AP and tunneling all the traffic. If you want to replicate the same traffic tunneling or require ClearPass access from an internet location, you might need a VPN, and using a controller/gateway for that is (one way of) how to do it. Are these RAPs connected to the internet or to your internal network?

    From the information you provide about your environment, requirements, and architecture, it is hard to tell what is simple or what is hard to achieve. There are multiple options and some may match better than others.

    As with moving from controller-based to Instant AP your architecture significantly changes, I would advise you to revisit or even recreate your design based on the requirements that may have changed over the years. You may be good at moving from centralized to decentralized, or you may the re-think solutions like RAP. With this, it is important to overlook the bigger picture, not just the issues you run into, as the risk is that you get an ugly bandaid point-solution.

    Your Aruba partner or possible Aruba SE should be able to discuss the different Aruba architectures mapped on your environment and requirements.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message