I am looking to setup a configuration similar to a Cisco Anchor controller configuration. The SSID needs to be configured as WPA/WPA2 Enterprise. The AP would terminate to Controller A and then tunnel (Anchor) the user traffic to Controller B. Controller B would handle Authentication (Radius) for the clients and client traffic. I have configured this before on Cisco but is there a similar way to accomplish with on Aruba?
The old way is: create a gre tunnel between 2 controllers.
The new way (AOS8 only): use multizone to terminate an AP to a 2nd controller/cluster.
Thank you very much for the information, I have read the "old" documentation and understand the setup. The example given is for an open SSID, is it possible to adapt it for a WPA/WPA2 802.1x SSID. Creating the SSID on Controller A requires a AAA Profile but the requirement would be to perform authentication on Controller B.
You are correct; for 802.1X authenticated SSIDs, the controller advertising the SSID needs to do the authentication. You can then send the user through the tunnel; but if you need the authentication to happen at the remote controller; MultiZone in AOS8 might be a better solution.
In short, L2 security is handled at the internal controller; L3 security can be done on either internal or anchor/DMZ.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.