Hi.
Exactly correct. You need to trunk all vlans to all APs for local bridge configuration to work. You need to treat each AP as it's own entity. The same is valid also for RADIUS. Each AP need to be added to RADIUS if you use it.
Original Message:
Sent: Aug 09, 2024 09:22 AM
From: dbthoma
Subject: Network Flow for Aruba 535 APs to Aruba Central and Internal Network
Thanks for your response!
Yeah we would be using version 10.
So it looks like, from what I am gathering from your response, a gateway is not required if you have less than 500 APs. However if we are wanting to tunnel traffic back to HQ, it would be required. Otherwise, everything would be locally bridged and the configurations for handling that traffic would need to reflect on switches/routers the APs are sending traffic through.
Does that sound correct?
Original Message:
Sent: Aug 09, 2024 01:40 AM
From: GorazdKikelj
Subject: Network Flow for Aruba 535 APs to Aruba Central and Internal Network
Hi.
Just a quick to be answer to your questions.
First step is very simmilar to all type of deployments. AP will get IP address from DHCP or have a fixed IP configured.
Next steps depend on type of deployment, AP type, FW version.
You only mention Aruba Central and no FW version 8 or 10.
In both cases AP will contact Aruba Central via HTTPS. Now depend on the version.
In V8 APs in the same VLAN will form a cluster and select an AP to become a virtual controller. This AP will then manage the cluster and connection with Central. User traffic stays localy and it is never sent to Central in all cases.
In V10 all APs are standalone and establish connection to Central. There is a provision with Aruba Gateways to aggregate AP management raffic via GW, but it's not required below 500 APs. Data traffic now has several possibilities. It can be localy bridged, it can be tunneled via GW if you have it, it can be tunneled to Aruba GW acting as VPN concentrator on the for example HQ site. This iis known as SD-BRANCH and it is designed for remote locations.
In all those cases the configuration is pushed from Aruba Central to APs and GWs. They store it localy and can provide the service even in the case of Aruba Central inaccessibility.
Now what is a controller depend on deployment type. In Instant AP deployment one AP will act as virtual controller and manage all other APs. In AOS10 deployment Aruba Central is acting like a "controller" for management traffic, but no data traffic is sent to Central. So no, you can't tunnel traffic betwen AP and HQ via Aruba Central. Yoiu need a GW to tunnel the traffic if you would like to do that.
Best, Gorazd
------------------------------
Gorazd Kikelj
MVP Guru 2024
Original Message:
Sent: Aug 08, 2024 03:49 PM
From: dbthoma
Subject: Network Flow for Aruba 535 APs to Aruba Central and Internal Network
Hey there,
I'm new to using Aruba and I'm currently tasked with working towards setting up some Aruba 535's at a semi-remote location for a client. They are utilizing Aruba Central and currently do not have Aruba Switches in place (That is the plan in the near future).
Currently there is a Cisco Core Switch Stack and an Cisco Access switch. The egress is a Cisco ASA. Currently DHCP is on servers at the HQ, so routing/policies are in place already for devices at the remote location to retrieve DHCP from these servers at HQ. What I am trying to understand is how traffic flow works for these AP's, up until recently they utilized Cisco AP's that would tunnel back to a controller located at HQ. Does Aruba Central act as a controller? Or would I essentially make sure that the proper VLAN/IP settings are correct, having the Aruba APs on the proper VLAN, then the Aruba AP would grab it's IP via DHCP correlating with the VLAN, AP would connect to the internet and reach Aruba Central, Grab it's configuration?
Just getting confused on how this traffic, DHCP, and configurations would be handled if there is no controller to tunnel back to?
Any light shed on this so I'm not so confu