Wireless Access

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Mobility Master - IAP & controllers in one group?

  • 1.  Mobility Master - IAP & controllers in one group?

    Posted May 05, 2022 04:38 PM
    Hi,

    I'm running an 8.6 vMM. Can (or should) I create a single group that has both 7005 controllers, and IAP515 in controlled mode?

    Does this need to be IAP-VPN architecture?

    Does it make more sense to have one group of 7005 controllers, and one group that has IAPs?

    Thanks,

    Ambi

    ------------------------------
    Ambidexter
    ------------------------------


  • 2.  RE: Mobility Master - IAP & controllers in one group?

    EMPLOYEE
    Posted May 05, 2022 05:28 PM
    What are you trying to do?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: Mobility Master - IAP & controllers in one group?

    Posted May 05, 2022 05:55 PM

    Hi,

    There are 50+ sites that have 7005 controllers mastered by a 7210.  They run 6.5.

    I've taken one of those 7005s and upgraded it to 8.6.0.11, in standalone mode. That works fine for our older 105 and 205 APs. 

    I've also created two VMs with Mobility Conductor (vMMs). 

    In addition, there are a number of sites that have IAP 515 clusters...some with 15 IAP 515s, some with 1 or 2. The IAPs are already running 8.6.0.11.

    Once I get the config off the 7005 standalone "translated" to the vMM, and test it, I'll want to get the 515s in controlled mode, attached to the vMM.

    Most if not all sites have the same SSIDs, AAA, DNS, VLANs, etc. So, I could make an "all sites" group that has these common things, and add separate sub-sites that have 515s and 7005s. 

    I suppose the "nub" of my question is does the process that syncs the databases to the controllers/IAPs know the syntax of the common elements, so there's no confusion or issue with, say, our ClearPass configs, NTP, etc.

    I suppose as everything will be 8.6 there shouldn't be an issue. But is there some advantage to having groups per-controller/IAP?

    Regards,
    -Ambi



    ------------------------------
    Ambidexter
    ------------------------------



  • 4.  RE: Mobility Master - IAP & controllers in one group?
    Best Answer

    EMPLOYEE
    Posted May 05, 2022 07:55 PM
    I am assuming "controlled mode" means that you convert the IAPs into regular APs and terminate them on a controller somewhere.

    The hierarchy configuration in AOS8 is mainly for large corporations that have sites in different countries that need to make exceptions to the global configuration.  You could accomplish what you want with a single folder (which is where configuration resides) with different ap-groups.   You could configure everything under the same folder and have an ap-group for each different site.  The global configuration that has AAA servers, NTP, etc can be the same.  At the device level (the controller level) is where you would configure ip addresses, interface configuration, l2/l3 things.

    Don't get hung up on folders. The main thing is to create a folder under /md and do all of your global configuration there, that way you are not going through different folders looking for where you configured something. All controllers in that folder will inherit NTP, AAA, DNS. You can even configure VLANs here. All of this would get pushed to all devices in the folder, but at the device (controller) level, you can say what VLANs are on what interface/trunks, etc. You can even define a VLAN name right under /md and then you can define the VLAN name at the device (controller level) to save time. If you have a guest VLAN, you can create a VLAN name of "guest" under /md/<folder>/ and then at the controller level you can configure the translation guest vlan name = x. As an extreme example you can create a single WLAN (virtual AP) and the VLAN users will be placed in will depend on what VLAN number is defined for the VLAN name guest, for example. You can then add that Virtual AP to the ap-group of a site and add APs to the ap-group where you want that WLAN broadcast.

    I hope this made sense.



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------