Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points and mobility controllers.

Aruba Anchor Configuration with 802.1x

  • 1.  Aruba Anchor Configuration with 802.1x

    Posted Feb 03, 2020 07:09 PM

    I am looking to set up a configuration similar to a Cisco Anchor controller configuration. The SSID needs to be configured as WPA/WPA2 Enterprise. The AP would terminate to Controller A and then tunnel (Anchor) the user traffic to Controller B. Controller B would handle authentication (RADIUS) for the clients and client traffic. I have configured this before on Cisco, but is there a similar way to accomplish this on Aruba?



  • 2.  RE: Aruba Anchor Configuration with 802.1x
    Best Answer

    Posted Feb 04, 2020 05:50 AM

    The old way is: create a GRE tunnel between 2 controllers.

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468

    The new way (AOS8 only): use MultiZone to terminate an AP to a 2nd controller/cluster.

    https://community.arubanetworks.com/t5/Wireless-Access/How-to-Configure-Multizone/td-p/481727



  • 3.  RE: Aruba Anchor Configuration with 802.1x

    Posted Feb 04, 2020 08:14 AM

    Fabian,

    Thank you very much for the information. I have read the "old" documentation and understand the setup. The example given is for an open SSID; is it possible to adapt it for a WPA/WPA2 802.1X SSID? Creating the SSID on Controller A requires an AAA profile, but the requirement would be to perform authentication on Controller B.

    Thank you,

    Mike



  • 4.  RE: Aruba Anchor Configuration with 802.1x

    Posted Feb 07, 2020 07:52 AM

    You are correct; for 802.1X-authenticated SSIDs, the controller advertising the SSID needs to do the authentication. You can then send the user through the tunnel, but if you need the authentication to happen at the remote controller, MultiZone in AOS8 might be a better solution.

    In short, L2 security is handled at the internal controller; L3 security can be done on either the internal or the anchor/DMZ controller.