bill of materials for Aruba wifi infrastructure

  • 1.  bill of materials for Aruba wifi infrastructure

    MVP
    Posted Dec 28, 2020 09:17 PM

    Hi,

    I am preparing a bill of materials for a deployment of Aruba wifi. Can you please clarify the following specific details:

    1) I've chosen two JW686A, which by design support max. 64 access points. Can I form a cluster with these two and connect 90 access points to them?

    2) If a cluster of two JW686A is formed and one of them is in outage, will the second one be able to support 90 access points?

    3) The WLC "JW686A" has only 1Gb/s ports to connect to the L3 switch: can it be a potential bottleneck if I use 802.11ax access points "Q9H62A"?

    4) For the "Q9H62A" and "Q9H57A" access points, will the rack mounting bracket kit "R1C72A" fit?!

    Thanks for supporting



    ------------------------------
    A. Y.
    ------------------------------


  • 2.  RE: bill of materials for Aruba wifi infrastructure

    MVP EXPERT
    Posted Dec 29, 2020 04:34 AM

    1. No, that's not supported.

    2. No, a 7030 controller can handle max. 64 APs and that's the limit.

    3. Depends on capacity and applications to support, but with 90 APs I recommend creating a link aggregation (aka port-channel) or using a 10Gbps uplink where possible.

    4. Yes, but the AP-MNT-MP10-D is my favorite, a flat surface mount that will fit on every type of ceiling.

    To create an ArubaOS8 cluster, a Mobility Master 2x MM-VA-50 is required as well. Each controller can handle 64 AP tunnels, but each AP creates a redundant tunnel to both controllers. Therefore each controller must be able to handle 90 APs, and the 7030 will not fit that. You will need two 7205 controllers at least, or maybe a 7210 if you would like to have better hardware chips and redundant power supplies per unit.

    I send you a PM with an example kitlist based on your requirements.


    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 3.  RE: bill of materials for Aruba wifi infrastructure

    MVP
    Posted Dec 29, 2020 09:33 PM

    Thanks for details and example of BoM received,

    I have some details to clarify, if possible :

    1) If 3 pcs of JW686A are ordered to provide redundancy for 90 access points when one of the WLCs is in outage, is such a design feasible?! (I plan to connect two JW686A to distribution switches and the third one to a core switch in another subnet, or for seamless roaming is it better to put them in the same subnet?)

    The reason why I stick to JW686A is because its price is more than 3 times less than for another approved model of WLC, JW751A. I plan to make two proposals: one is with 3 pcs JW686A and one is with 2 pcs JW751A.

    2) For 90 pcs of access points, is it enough to purchase only 90 licenses for access points, with no need to double or triple them to install for each WLC?!

    3) JW472AAE vs JW471AAE: are they equal, can the universal AP license also include "Aruba Policy Enforcement Firewall" (to exclude JW473AAE)?

    4) H3CB5E "Aruba 1Y FC NBD Exch 7030 Controller SVC": when this expires, is it mandatory to renew it each year for software updates?!

    5) The purpose of H2XW3E is not clear.



    ------------------------------
    A. Y.
    ------------------------------



  • 4.  RE: bill of materials for Aruba wifi infrastructure

    MVP EXPERT
    Posted Dec 30, 2020 06:24 AM

    1. 3 controllers will not be the best solution, because each access point has two tunnels to both controllers active/active for seamless failover when a controller fails. <EDIT> With 3x7030 and 90 access points you are close to the limit of 96 access points for a 3x7030 design, but it is possible. </EDIT>

    1a. When you plan for a cluster, the best way is to plan for an L2 cluster, and therefore both controllers need the exact same VLANs/subnets; this is also important for seamless roaming.

    1b. If price is an issue you can also look at a controller-less (Instant) option; the design scales to approx. 100 access points. The 7205 is a much better controller than the 7030; don't plan only for AP capacity but also for client capacity and throughput.

    2. You need 90 AP capacity licences; those are required.

    3. The JW472AAE is the AP capacity licence, whereas the JW471AAE is the enterprise bundle that also includes the Policy Enforcement Firewall (PEF), RF-Protect and Airwave licence. In the end the price for the separate licences and the enterprise bundle are equal in cost.

    4. Yes. You need an active support contract to be able to download software updates.

    5. All licences and support are cut into pieces. This sounds a little weird, but you only pay for the features you are licensed for, and for each feature there is separate support added. When you add more features you need to pay more for support. You can't split them or disable them per licensed feature; it's part of your controller support. It would be better if Aruba showed one price for support for more clarity, but because of the "pay for what you use" strategy this isn't possible.



    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 5.  RE: bill of materials for Aruba wifi infrastructure

    MVP
    Posted Dec 31, 2020 12:29 AM
    Many thanks for all these details and supporting !  👍

    ------------------------------
    A. Y.
    ------------------------------



  • 6.  RE: bill of materials for Aruba wifi infrastructure

    Posted Jan 01, 2021 11:42 AM
    Hi Marcel,

    Could you explain this?

    1. 3 controllers will not the best solution. Because each access point have two tunnels to both controllers active/active for seamless failover when a controller fails. With 3x7030 and 90 access points this is an unbalanced situation and a part of it will go offline when a controller fails.

    I have never been told about this kind of symmetry and it is not in the ArubaOS 8 Fundamentals guide, in the Seamless Roaming section. I thought you can have 3 or 4 7030s, and if they are in the same subnet and share the same user VLANs there will be seamless roaming for every AP; in the end all the controllers are synchronized about user states. Maybe there is another official document that explains what you say. Thanks in advance.



    ------------------------------
    Julian Ortiz
    ------------------------------



  • 7.  RE: bill of materials for Aruba wifi infrastructure

    MVP EXPERT
    Posted Jan 01, 2021 01:41 PM
    Hi Julian,

    Sure, you're right, I overlooked that the AP count of 90 is possible after re-calculation. In an ArubaOS8 cluster each access point creates an established tunnel to each controller: an AAC (AP Anchor Controller) to the first controller and an S-AAC (Standby AP Anchor Controller) to the second controller. When a cluster consists of 2x7030 controllers, each controller can handle max. 64 access point AAC or S-AAC tunnels. When one controller fails the other one takes over hitless, because both AAC and S-AAC tunnels are established and the connection state is synchronized between both controllers.

    In a situation with 3x7030 and 100 access points it isn't possible to create an AAC and S-AAC tunnel for all 100 access points, and therefore a part of the access points are not redundant.

    So yes, with 3x7030 = 192 tunnels / 2 = max. 96 access points can create an AAC and S-AAC tunnel, but with a 90 AP design this limit is coming close, and you would like to plan for some leftover capacity for the next 5 years.

    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------
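
Added example (not part of the original posts, and not Aruba's own load-balancing logic): a simplified Python model of the AAC / S-AAC tunnel accounting described in post 7, extended to the case where one cluster member is lost. The function names and the two-pass placement are assumptions; the 64-tunnel limit for the 7030 is the figure quoted in the thread.

```python
# Simplified tunnel-accounting model of the AAC / S-AAC arithmetic in the
# thread. Assumption: tunnels are placed on the least-loaded controller;
# this is an illustration, not ArubaOS's actual load-balancing algorithm.

def plan(num_controllers, tunnels_per_controller, num_aps):
    """Place one AAC tunnel per AP, then S-AAC tunnels in leftover capacity.

    Returns (redundant, aac_only, unserved) AP counts.
    """
    load = [0] * num_controllers
    aac = {}  # AP index -> controller index holding its AAC tunnel

    def pick(exclude=None):
        # Least-loaded controller with a free tunnel, optionally skipping one.
        free = [c for c in range(num_controllers)
                if c != exclude and load[c] < tunnels_per_controller]
        return min(free, key=lambda c: load[c]) if free else None

    # Pass 1: every AP needs an active anchor (AAC) before any standby.
    for ap in range(num_aps):
        c = pick()
        if c is None:
            break  # cluster is out of tunnels; remaining APs are unserved
        load[c] += 1
        aac[ap] = c

    # Pass 2: the standby (S-AAC) must sit on a different controller.
    redundant = 0
    for ap, anchor in aac.items():
        c = pick(exclude=anchor)
        if c is not None:
            load[c] += 1
            redundant += 1

    served = len(aac)
    return redundant, served - redundant, num_aps - served


def after_one_failure(num_controllers, tunnels_per_controller, num_aps):
    """Re-plan on the surviving controllers after losing one cluster member."""
    return plan(num_controllers - 1, tunnels_per_controller, num_aps)


if __name__ == "__main__":
    TUNNELS_7030 = 64  # per-controller limit quoted in the thread
    for ctrls, aps in [(2, 90), (3, 90), (3, 96), (3, 100)]:
        print(f"{ctrls}x7030, {aps} APs:",
              "steady", plan(ctrls, TUNNELS_7030, aps),
              "| one down", after_one_failure(ctrls, TUNNELS_7030, aps))
```

Each tuple is (APs with AAC and S-AAC, APs with AAC only, APs with no tunnel), so the "one down" column shows how much standby headroom a design keeps after a controller outage.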



  • 8.  RE: bill of materials for Aruba wifi infrastructure

    Posted Jan 01, 2021 08:58 PM
    Hi Marcel,

    Ok, now I understand. With 3x7030 and 100 APs a few of them will not be redundant. With 3x7030 and 90 APs it is possible and all the APs will be redundant, but yes, it is always a good idea to plan for growth in the coming years. Thanks for the explanation.

    ------------------------------
    Julian Ortiz
    ------------------------------



  • 9.  RE: bill of materials for Aruba wifi infrastructure

    Posted Jan 02, 2021 05:50 AM
    With only 90 APs, have you considered using Central to manage these? You wouldn't need to buy controllers at all.


  • 10.  RE: bill of materials for Aruba wifi infrastructure

    MVP EXPERT
    Posted Jan 02, 2021 07:25 AM
    Sure, that's possible, and a controller environment and an Instant network both have similar functionalities that are comparable, but you have to understand that the concepts are different and they have separate architectures. An Instant network is designed for smaller networks; technically there is no limit, but from a design perspective we say max. 100 access points in an Instant network. The IAPs were also designed to allow an Instant network to grow and migrate to a controller-based environment. In this configuration (a new deployment) the choice is break-even. No good or bad.

    Let me explain the difference:

    In a controller environment the client encrypts all traffic and the AP sends it to the controller in a GRE tunnel. The controller receives the frames, decrypts the traffic and firewalls the traffic. In an Instant network this process is all done by the access points themselves and the 802.3 traffic is processed locally. Encrypting and decrypting traffic and firewalling cost a lot of resources, and an AP has fewer resources than a heavy controller to do this task.

    In an Instant network each access point needs to be in the same layer 2 VLAN to operate; each access point needs to be configured in the network switches and the configuration must be equal in the cluster. A managed VLAN (normally untagged), a corporate VLAN and a guest VLAN need to be distributed and configured on each switch interface. Instant has seamless roaming, but it depends on the switch infrastructure whether a client MAC address is updated in the MAC tables fast enough when a client hops from one AP to the other and the switch interface changes. In a controller-based environment the access points only need a managed VLAN; there is no need to distribute the corporate and guest SSIDs on the edge switches, and the APs can be placed in different management VLANs. Therefore in a controller-based network the edge switch configuration is simpler, because all traffic is tunneled to the controllers. When it comes to seamless roaming, both controllers synchronize the client MAC addresses and the network switches do not know about a client that roams, because the MAC addresses are synced between the controllers; this is one of the advantages of MC clustering in a controller environment. When an access point in an Instant network crashes or reboots, the clients on that AP will be disconnected; in a controller-based environment the client state is synced between the controllers and will fail over hitless to another AP. This is a second advantage of MC clustering.

    A cluster-based environment can support live upgrades without clients noticing that an upgrade is going on.

    Instant uses ARM (Adaptive Radio Management) to optimize the RF spectrum. In a controller-based network (with a mobility master) Aruba Airmatch is used to optimize the RF spectrum and has many more parameters than ARM. This is helpful in an RF-challenged environment.

    If you need to terminate VIA VPN (Aruba VPN client) or Remote Access Points, this can only be terminated on a controller-based solution.

    The ACMP and ACMX courses are primarily focussed on the controller-based CLI, so a lot of us do troubleshooting much better on a controller-based solution than on an Instant-based solution, which has different CLI commands. But that is my personal opinion.

    The cost of an Instant network is less than that of a controller-based environment; the only thing you need is access points, no licenses except for an Aruba Central subscription (yearly) or an Aruba Airwave license (fixed) for central management.

    So now you see there is no good or bad in the choice between a controller-based or Instant network and understand the different concepts, but I agree there is a gap in price. Because 90 APs is almost on the breakeven point from a design perspective, I prefer the controller-based solution because of the ease of switch configuration, roaming that is independent of switch operation, Airmatch, live upgrades, hitless failover, and because I'm better on the controller GUI/CLI, which is what I'm trained for. But again it's my personal opinion; Aruba Instant will do a great job as well, for example when you have a lot of small sites, and managing it from Aruba Central could be a great solution.

    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 11.  RE: bill of materials for Aruba wifi infrastructure

    Posted Jan 02, 2021 07:36 AM
    With controller-based deployments you can also just drop clients to the local LAN. Many people prefer this, as after this both wired and wireless clients are in the same IP subnets. For example, users that are using docking stations are connected to the LAN network while docked, but once they lift their laptops off the dock it just suddenly jumps to totally different IP subnets.

    Of course dynamic segmentation makes wired LANs also similar to wired but if you do not have the certain Aruba access devices you might prefer locally switched WLAN clients too.

    And yes, it requires more from the AP, but is that a problem? Do you have any white papers describing the performance differences between tunneled and locally switched clients? Would love to see that to know if the impact is real.

    VLAN/subnet management is dependent, of course, on the case; even with a controller-based deployment all the APs could be in the same VLAN anyway if they're in the same building. If not, it really doesn't matter roaming-wise either.

    Can you not upgrade Central managed IAP clusters with live upgrade? Would seem weird, hopefully AOS 10 fixes this

    I believe Central handles ARM stuff too.

    VIA VPN was not a requirement here.

    License prices seem to be about the same; it doesn't matter if it's a Central license or an AP + PEF + Airwave license. The difference is of course the price of the controllers.

    With Central you can also use all the new ML + AI features that are not available with controller based deployments.

    Limit for a single IAP cluster is around 100-128 APs I think currently, but OP could do two different clusters and still manage them centrally from Central. If they're in two different buildings.

    Or just upgrade to AOS 10 this year when it becomes available and remove the cluster size limits.



  • 12.  RE: bill of materials for Aruba wifi infrastructure

    MVP EXPERT
    Posted Jan 02, 2021 09:09 AM
    Hi John,

    In a controller-based environment bridge mode is not recommended; for example, captive portals are unsupported if needed, and more, but that's off topic for now. If bridge mode is required, better use Aruba Instant.

    I agree that docking stations can be challenging sometimes, depending on OS settings. From a design and security perspective it's never recommended to place LAN and WLAN on the same VLAN subnet. But this too can best be discussed in a new topic.

    You're right. The performance impact of controller vs Instant should not be noticeable for the client; it's just a centralized vs distributed design choice.

    Aruba Instant doesn't support live upgrades because client states are not synchronized between access points. I don't think this comes in AOS10 because the concept is the same. But in AOS10 you can import controllers and manage them from Aruba Central, so yes, then it's possible. That's what I think for now.

    Aruba Central will indeed do ARM, but not Airmatch like a controller can do; those are two different techniques.

    There are no licenses in Aruba Instant except the one that's optionally needed for central management, Aruba Central or Airwave. I don't know exactly where the breakeven point is; of course Aruba Central costs come back yearly (or in a bundle of a couple of years), which has to be taken into account.

    I don't know much about the new ML+AI features, but it seems like this is an Aruba Central feature, not one of Instant or controllers on its own.

    There is no hard limit for an Instant cluster, but the max. tested cluster is indeed 128 APs. That's why the design rules say 100-128 APs per cluster. If the environment consists of different buildings I would always create a separate cluster for each building, unless they stay close next to each other like a campus site.

    I appreciate your feedback and really like to discuss some design strategies. I think we should best open a new topic before we go too much off topic on the main question.

    ------------------------------
    Marcel Koedijk | MVP Expert 2020 | ACMP | ACCP | Ekahau ECSE
    ------------------------------



  • 13.  RE: bill of materials for Aruba wifi infrastructure

    Posted Jan 03, 2021 10:10 PM
    Hi Marcel,

    That was a very great explanation. And yes, you also have to take into account whether you want to use Central or AirWave as your monitoring platform. Although Central still has some limitations, AirWave disappointed me since my last implementation, and is much more complex to manage. It will be great if we can manage controllers from Central with AOS 10.

    ------------------------------
    Julian Ortiz
    ------------------------------