The obvious answer is, "It depends". :D
Are we referring to just a single controller? Is this a large network or a small, single-subnet network? What ArubaOS version?
We have over 4500 APs with multiple controllers, We decided to physically install split our controllers in our 2 data centers. We have APs on separate subnets but they are not firewalled from the controllers. We use certificate based control plane security to control AP access. The management subnet is protected by access control lists.
You Aruba account team, especially your SE should be able to give good guidance.
------------------------------
Bruce Osborne ACCP ACMP
Liberty University
The views expressed here are my personal views and not those of my employer
------------------------------
Original Message:
Sent: Oct 16, 2021 04:50 AM
From: Daniel wolf
Subject: Positioning of a Wireless Mobility Controller in a Network
Hi,
I´d like to as a Design-related question regarding the general positioning of a Wireless LAN Mobilty Controller appliance in a network!
Would it be necessary/useful to secure the Mobility Controler from the rest of the network through a firewall, in which case all AP relevant Mgmt- and Communitcation traffic had to go through the firewall before reaching the Controller?!
How do you basically handle that kind of design or does anybody know if there`re official design guides public?
thanks for any kind of help in advance!