Controller-less WLANs

How can we send Central traffic outside IAP-VPN tunnel ?

Beginning 8.3, we can send traffic destined to Aruba Central outside VPN tunnel in case IAP-VPN is in use.

• Customers would like to send all user generated traffic within the VPN tunnel to their data center, and have the traffic to Activate/Central to be sent outside the tunnel over the internet directly.
• Before 8.3.0.0, if default route is VPN tunnel, IAP traffic to Activate/Central will follow global route setting via tunnel.
• In 8.3.0.0, if default route is VPN tunnel, IAP traffic to Activate/Central will be routed via IAP’s local gateway.

The feature will enable automatically when IAP default route is set to  tunnel.

To manage traffic sent to Activate/Central, IAP introduced cloud domain list.

During connection with Central, IAP will add below domain & IP addresses into cloud domain list:

1. Activate domain “device.arubanetworks.com” by default.
2. Central domain which it receives from Activate.
3. Websocket address redirected by Central.
4. Additional domain/IP pushed from Central (eg. cloud guest);  

Example:

IAP# show ap debug cloud-domain-list 

Cloud Domain List
-----------------
cloud-domain
------------ 
device.arubanetworks.com              ------>>>> Activate domain
34.213.76.57                                        ------>>>> Central websocket IP address

This article applies beginning 8.3 version.