Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

anchor controlers configuration - need some guideince..

  • 1.  anchor controlers configuration - need some guideince..

    Posted Jul 13, 2015 07:45 AM

    in on of my projects i need to have public access for specific users (let's call them "guest") send to dedicated ADSL.

    this is multi location deployment with two master/local 7220s and pair of small 7030 to be used as anchor set for "guests".

    note - access points are in over 20 locations that are connected using L3 to core locations. (let's call them "datacenters")

    main controllers are in two datacenters (L3 in between) and pair of 7030 is in third location.

    7030 do have mgmt access over intranet as well as direct connection to firewall for "guest" traffic with VRRP (DMZ zone)

    I'm looking for some advice on configuration of 7220s and 7030 to have proper routing for any of the "guests" users that may connected at any location.

     

    traffic flow for "guests" should be from any AP thru one of main controllers and then send to 7030 for discharge in to DMZ/ADSL.

     

    Any help is appreciated.



  • 2.  RE: anchor controlers configuration - need some guideince..

    Posted Jul 13, 2015 08:07 AM

    Please take a look at the article here:  http://community.arubanetworks.com/t5/Aruba-Solution-Exchange/L2-GRE-to-DMZ-controller-with-Captive-Portal-SSID/ta-p/202649

     

    The controller models do not really matter.

     



  • 3.  RE: anchor controlers configuration - need some guideince..

    Posted Jul 22, 2015 07:34 AM

    greetings

    i would like to get more details on GRE in my scenario

    as i mentioned above, i have two main controllers in L3 mode and two anchor in HA

    how many tunnels are needed from-to each controller?

    how tunnels should be configured to have proper path/flow?

    lets put some IPs and get scenarios

    WLC1 - 10.0.1.1

    WLC2 - 10.0.2.0

    anchor1  - 192.168.1.2

    anchor2 - 192.168.1.3

    VRRP for anchor 192.168.1.1 (priority 200 for anchor1)

    flow - may come from each of the WLC independently (AP groups) 

    q1) how many tunnels are needed PER each WLC?

    - ONE towards VRRP IP? two to each anchor? how system will know which path is correct?

    q2) how many tunnels are needed on anchor devices? what should be source IP of that tunnel? VRRP?

    Or possibly tunnel groups are required? Is there a mechanism to have priority on specific tunnel?