Controllerless Networks

Hello everyone, 

I have been working with these three access points 1x AP505 and 2x AP505H controllerless and it's been a nightmare. I think the best bet is for me to purchase a virtual controller for these devices and just bite the bullet.  I want to do all my routing on my firewall and treat the access points like layer 2 switches. Would this help mitigate a lot of the weird bugs I'm getting with my wireless devices? The access point traffic is currently traveling through my Cisco switches, but printers and other devices seem to have random bugs that I cannot diagnose.

After getting the controller I would change them to "Remote APs managed by a Mobility Controller." Would that cause a lot of my issues from being fixed? 

What AP would be recommend for these devices? 

I was looking at the Aruba 7008 8-Port 100W PoE+. What is a small device I could use with these? 

Thanks! 

Instant APs don't do routing. so what are these weird bugs you are seeing? 

Hello everyone, 

I have been working with these three access points 1x AP505 and 2x AP505H controllerless and it's been a nightmare. I think the best bet is for me to purchase a virtual controller for these devices and just bite the bullet.  I want to do all my routing on my firewall and treat the access points like layer 2 switches. Would this help mitigate a lot of the weird bugs I'm getting with my wireless devices? The access point traffic is currently traveling through my Cisco switches, but printers and other devices seem to have random bugs that I cannot diagnose.

After getting the controller I would change them to "Remote APs managed by a Mobility Controller." Would that cause a lot of my issues from being fixed? 

What AP would be recommend for these devices? 

I was looking at the Aruba 7008 8-Port 100W PoE+. What is a small device I could use with these? 

Thanks! 

The Instant APs do exactly what you intend to do, they tag the VLAN and bridge the packets into the wired network - without routing.
For instant clustering to be established, all APs must be in the same VLAN. Switch ports must be configured in trunk mode. The AP management traffic remains in the native VLAN. If you tag WLAN traffic, the corresponding VLANs must be tagged on the switch por, then you can route the traffic on the firewall. If you do not set a VLAN in the WLAN profile, the user traffic also remains in the native VLAN. 

Instant APs don't do routing. so what are these weird bugs you are seeing? 

Hello everyone, 

I have been working with these three access points 1x AP505 and 2x AP505H controllerless and it's been a nightmare. I think the best bet is for me to purchase a virtual controller for these devices and just bite the bullet.  I want to do all my routing on my firewall and treat the access points like layer 2 switches. Would this help mitigate a lot of the weird bugs I'm getting with my wireless devices? The access point traffic is currently traveling through my Cisco switches, but printers and other devices seem to have random bugs that I cannot diagnose.

After getting the controller I would change them to "Remote APs managed by a Mobility Controller." Would that cause a lot of my issues from being fixed? 

What AP would be recommend for these devices? 

I was looking at the Aruba 7008 8-Port 100W PoE+. What is a small device I could use with these? 

Thanks! 

That's how I have everything configured but I'm still confused about a few things within the settings. These APs have a lot of places where the VLAN can be configured. 

For example. 

I can set my VLAN for each network in Configure -> Security -> Roles -> Network. Then I assign each network a VLAN. Is this only used if you have a controller?

The each of my SSIDs/networks are setup in Configure -> Networks -> Edit networks and my VLANs are set as network assigned and static. 

Then under configure -> system -> advanced. I have my "Uplink switch native VLAN" set to the native VLAN on my switch. 

However, in Configure -> Access points -> Uplink. There is another option for "Uplink management VLAN". This seems like you can set it individually within each AP. I currently have this set to my MGMT VLAN which is not my native VLAN. Right now I just have native VLAN set to some unsused VLAN across my network. What is the purpose of this "Uplink management VLAN" and the fact that it's different than my native vlan? 

You can also set the native vlan in the "default_wired_port_profile," which i set to each port to the native vlan for each switch, but as far as I understand this is not used. My ap's each only have one uplink port. 

All of my switchports are in trunk mode carrying the VLANs. 

Does this configuration have any issues? 

The Instant APs do exactly what you intend to do, they tag the VLAN and bridge the packets into the wired network - without routing.
For instant clustering to be established, all APs must be in the same VLAN. Switch ports must be configured in trunk mode. The AP management traffic remains in the native VLAN. If you tag WLAN traffic, the corresponding VLANs must be tagged on the switch por, then you can route the traffic on the firewall. If you do not set a VLAN in the WLAN profile, the user traffic also remains in the native VLAN. 

Instant APs don't do routing. so what are these weird bugs you are seeing? 

Hello everyone, 

I have been working with these three access points 1x AP505 and 2x AP505H controllerless and it's been a nightmare. I think the best bet is for me to purchase a virtual controller for these devices and just bite the bullet.  I want to do all my routing on my firewall and treat the access points like layer 2 switches. Would this help mitigate a lot of the weird bugs I'm getting with my wireless devices? The access point traffic is currently traveling through my Cisco switches, but printers and other devices seem to have random bugs that I cannot diagnose.

After getting the controller I would change them to "Remote APs managed by a Mobility Controller." Would that cause a lot of my issues from being fixed? 

What AP would be recommend for these devices? 

I was looking at the Aruba 7008 8-Port 100W PoE+. What is a small device I could use with these? 

Thanks! 

It's a very good question that you ask.
We have to differentiate between user traffic or the dataplane and ap/controller traffic or the control plane. 
Everything you set in SSIDs/networks or under Security -> Roles is dataplane. You can set the VLAN in the network profile, if necessary you can overwrite it by setting an aruba-user-role via Radius. Or set a VLAN directly via Radius. How ever , you must explicitly allow these VLANs on the switch port.

Now to the controll plane. From the access point point of view, the controll plane traffic is always untagged in VLAN 1. As long as you do not need to use VLAN 1 for user traffic/dataplane - leave everything in the default state and do not change any VLAN settings under Uplink or System. Simply configure the AP management VLAN as native VLAN on the switch ports. From the AP's point of view, VLAN 1 is switched to the native VLAN on the switch side and then back again. This is the ideal condition. The APs do not need to be provisioned. You simply connect them to the configured ports, they jon to the cluster and everything works.

That's how I have everything configured but I'm still confused about a few things within the settings. These APs have a lot of places where the VLAN can be configured. 

For example. 

I can set my VLAN for each network in Configure -> Security -> Roles -> Network. Then I assign each network a VLAN. Is this only used if you have a controller?

The each of my SSIDs/networks are setup in Configure -> Networks -> Edit networks and my VLANs are set as network assigned and static. 

Then under configure -> system -> advanced. I have my "Uplink switch native VLAN" set to the native VLAN on my switch. 

However, in Configure -> Access points -> Uplink. There is another option for "Uplink management VLAN". This seems like you can set it individually within each AP. I currently have this set to my MGMT VLAN which is not my native VLAN. Right now I just have native VLAN set to some unsused VLAN across my network. What is the purpose of this "Uplink management VLAN" and the fact that it's different than my native vlan? 

You can also set the native vlan in the "default_wired_port_profile," which i set to each port to the native vlan for each switch, but as far as I understand this is not used. My ap's each only have one uplink port. 

All of my switchports are in trunk mode carrying the VLANs. 

Does this configuration have any issues? 

The Instant APs do exactly what you intend to do, they tag the VLAN and bridge the packets into the wired network - without routing.
For instant clustering to be established, all APs must be in the same VLAN. Switch ports must be configured in trunk mode. The AP management traffic remains in the native VLAN. If you tag WLAN traffic, the corresponding VLANs must be tagged on the switch por, then you can route the traffic on the firewall. If you do not set a VLAN in the WLAN profile, the user traffic also remains in the native VLAN. 

Instant APs don't do routing. so what are these weird bugs you are seeing? 

Hello everyone, 

I have been working with these three access points 1x AP505 and 2x AP505H controllerless and it's been a nightmare. I think the best bet is for me to purchase a virtual controller for these devices and just bite the bullet.  I want to do all my routing on my firewall and treat the access points like layer 2 switches. Would this help mitigate a lot of the weird bugs I'm getting with my wireless devices? The access point traffic is currently traveling through my Cisco switches, but printers and other devices seem to have random bugs that I cannot diagnose.

After getting the controller I would change them to "Remote APs managed by a Mobility Controller." Would that cause a lot of my issues from being fixed? 

What AP would be recommend for these devices? 

I was looking at the Aruba 7008 8-Port 100W PoE+. What is a small device I could use with these? 

Thanks!