Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Mobility controller as gateway of AP management network

  • 1.  Mobility controller as gateway of AP management network

    Posted Jul 01, 2022 09:30 AM
    Hello

    I have some questions and I hope you will share your experience.

    I have a Mobility Master and two MC 7220s in a VRRP cluster.

    I have a few campuses with APs; the AP management network L3 interface is on the firewall now.

    So, I want to change the L3 interface from the firewall to the MC or the ZL5412 aggregation switch,
    because I don't want to pass double traffic between network devices.

    What is the best practice from a design perspective?

    Thank you.


  • 2.  RE: Mobility controller as gateway of AP management network

    EMPLOYEE
    Posted Jul 01, 2022 10:30 AM
    The best practice is that your Aruba controllers should just be an adjunct to the network and not route any traffic.  The network aggregation switch is fine as the default gateway, but do not make any controller, especially the controller in a cluster, the default gateway for any traffic.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: Mobility controller as gateway of AP management network

    Posted Jul 02, 2022 02:16 AM
    Thank you for your answer,

    The controller has the capability to pass 40 Gbps of firewall traffic.
    Why is it a bad idea to pass only the AP management L3 interface through the controller?
    The controller is terminating GRE tunnels to APs anyway.


  • 4.  RE: Mobility controller as gateway of AP management network

    EMPLOYEE
    Posted Jul 02, 2022 07:06 AM
    - Controller resources are not infinite.  You only want the controller to do what is necessary for the system and no more.  Every resource you take from the controller takes from its ability to encrypt, decrypt and transport user traffic; you typically don't want that.
    - Routers and switches are made to route and switch.  You want those devices to continue to do that, so that if you have support staff that has to troubleshoot routing, switching and redundancy, they can continue troubleshooting routing and switching equipment that they are familiar with and not Aruba Controllers, which are not designed to route and switch.
    - Controllers that are clustered should not be routing traffic, because if they become unavailable, there has to be a mechanism for another controller to replace it in the routing hierarchy.  This could complicate a routing/switching troubleshooting event or episode.

    I could go on and on, but in the end, that is just not what they are designed for.  You could certainly still configure it in that manner, it just could create issues in the future.

    That is my opinion.  





  • 5.  RE: Mobility controller as gateway of AP management network

    Posted Jul 02, 2022 09:47 AM
    Okay, thank you for your opinion.