Cloud Managed Networks

Good Afternoon All,
     I'm looking into moving an implementation from AOS 8.10 to AOS 10.  It is already being managed through Aruba Central and I've already created all of the new device groups so the update itself is no big deal.
     
     The issue I am running into isn't a deal breaker, but it will result in a lot more work and opportunities for mistakes.  The network I am working does not have Controllers/Gateways.  They are used to using Instant and don't want controllers but would like to take advantage of the Live upgrade features in AOS 10.  
     
     In AOS 10 all of the APs create their own tunnels to Central and the idea of the Virtual Controller is gone.  This also takes away the ability to use the VC as a RADIUS proxy so that only one RADIUS client needs to be configured on the RADIUS server for a given network.  Without the RADIUS proxy I have to add all of the individual APs (eventually 100s at least) as RADIUS clients separately. which seems like a step backward and presents opportunities to make mistakes.  Is there are workaround for this in 10.3?
    
    I have been looking at Cloud Auth as a potential solution (Azure AD is available as a backend User database) but if I was reading correctly that requires AOS 10.4.

Regards,

Bill Fischer

you can add the AOS10 APs as NADs to your RADIUS server either individually (which could take 100s of entries) or you can specify one or few subnets.
Here is the ClearPass example



------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------

Original Message:
Sent: Jan 13, 2023 09:58 AM
From: Bill Fischer
Subject: Aruba OS10 - RADIUS Proxy?

Good Afternoon All,
     I'm looking into moving an implementation from AOS 8.10 to AOS 10.  It is already being managed through Aruba Central and I've already created all of the new device groups so the update itself is no big deal.

     The issue I am running into isn't a deal breaker, but it will result in a lot more work and opportunities for mistakes.  The network I am working does not have Controllers/Gateways.  They are used to using Instant and don't want controllers but would like to take advantage of the Live upgrade features in AOS 10.

     In AOS 10 all of the APs create their own tunnels to Central and the idea of the Virtual Controller is gone.  This also takes away the ability to use the VC as a RADIUS proxy so that only one RADIUS client needs to be configured on the RADIUS server for a given network.  Without the RADIUS proxy I have to add all of the individual APs (eventually 100s at least) as RADIUS clients separately. which seems like a step backward and presents opportunities to make mistakes.  Is there are workaround for this in 10.3?

    I have been looking at Cloud Auth as a potential solution (Azure AD is available as a backend User database) but if I was reading correctly that requires AOS 10.4.

Regards,

Bill Fischer