Cloud Managed Networks

 View Only
last person joined: yesterday 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Back to discussions
Expand all | Collapse all

Tunneling traffic from IAP to 9004

This thread has been viewed 10 times

  • 1.  Tunneling traffic from IAP to 9004

    Posted Feb 06, 2021 03:02 PM
    If we would have basic SD-Branch setup with several AP-515s and 2930Fs, do we need to do separate role management on the IAPs? Or can we tunnel the traffic from APs to 9004 so we could use the same role mappings and not create the roles twice? Once on the 9004 for UBT traffic from switches and then second time for WLAN users connecting to IAPs.

    Or is there a way to copy roles and policies between UBT and WLANs? And in best case scenario we would be able to copy roles between different groups in Central.


  • 2.  RE: Tunneling traffic from IAP to 9004

    EMPLOYEE
    Posted Feb 07, 2021 08:29 AM

    I think this is not possible with APs at moment, for sure, yes with Aruba Switches using Tunnel node, what you can test is the stateful 802.1x feature at the Branch GW, in order to use clients auth at the AP side and map a role at the Branch GW, anyway you may have the role at the AP in order to prevent communication bewteen same vlan.

    Remember Branch GW do not provision APs, in this way, you can't assigne roles in a Branch GW as a central control point

     

    Regards

     

    --------------

    Jorge Calvi

    --------------

     

     




    Original Message