Please work with your Aruba partner, as this doesn't sound like an optimal design. If you want to have a local break-out in a branch, in a controller solution, it is recommended to put a controller on the site. If the site is too small, or there is not need to deploy a controller, Aruba Instant will do your local breakout instead.
Bridge mode on CAP is deprecated.
From a design perspective, I would not do this. If there are reasons (like political) to nevertheless deploy it, be aware of the limitations of bridge mode on CAP, and carefully test what you do. I don't expect many customers having deployed like this.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 07, 2021 01:32 AM
From: Sara Zarb
Subject: Bridge Mode CAP And Captive Portal
We have a requirement where we have a Mobility Controller Cluster, managed by a Mobility Master pair in a head office site. The client has a number of branch sites with a number of APs each. They would like to implemt CAPs in the sites, whereby the CAPs communicate to the controllers in the main site. They would also like the wireless clients to have a local GW and a local DHCP, residing on the site firewall.
To our understanding, Captive portal is now supported in Bridge Mode. what is your take on this please? is it stable? does it work? we have ClearPass to manage wireless authentication at the head office site.
Thank you
------------------------------
Sara Zarb
------------------------------