Controllerless Networks

Hello,

I have a question on the best method to setup our remote offices with our new Aruba APs. Here's the current situation:

• Corporate office with one subnet (10.1.1.0/24), all APs up and running under InstantOS using a local Windows RADIUS server. Two SSIDs, Corp and Guest
• Remote offices (three offices) are connected via MPLS and each have their own single subnet (10.1.2.0/24 and so on) and can see the Corporate subnet. 
• Two of the remote offices will have a IAP215 and IAP205 and one office will have a single IAP205
• I'd like to have the same SSID setup for all offices of Corp and Guest.
• I have 5 Aruba Central licenses which I had planned to manage the remote office locations. Not sure if that's the best way though.

I don't mind managing the three remote offices via Aruba Central but I did want to ensure that the same RADIUS setup can be utilized for user authentication. We are doing 802.1x EAP with no user or computer certificates.

I can provide more information if necessary but I'm looking for some best direction at this point.

Thanks,

RH

HI,

It is absolutely possible. As long as RADIUS server is reachable from the remote offices, you should not have any issue. only concern is, how secure your VPN is ? on top of that you are not using Client certificate for outer tunnel. 

Bottom line is, deployment wise it is possible, you need to think from security point of view.

Please feel free for any further clarity needed.