Controllerless Networks

New Contributor

Controller vs IAP Advice

Hi there,

I just need a clarification  of the below scenario. We  have recently put in a Aruba Solution at our office. We have the below components.

  • Aruba IAP-135
  • ClearPass
  • Airwave for management
  • Mobility controller -625 acting as Anchor controller.


We have about 50 remote offices and we have deployed wifi to about 10 sites with IAPs.

We have the Airwave, Clearpass & Anchor controller at the HQ. Anchor controller is used for Guest captive portal.


My question is since we are in process of deploying WiFi across all other remote sites, is this setup of running IAP better? When do we need to think of centralized controller setup. We are currently happy with the way the wifi are setup, but wanted to make sure whether it is ok to continue to use IAPs? Max APs in one site would be around 15.

Guru Elite

Re: Controller vs IAP Advice

Generally speaking, this sounds like an IAP deployment with a central controller(s) providing VPN services back into your corporate network. Guest can be handled locally.

Do you have an Aruba partner you can work with on the design? These questions are sometimes hard to answer without more context.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: Controller vs IAP Advice

Just Guest users are centrally switched. Corp users are switched locally.

No VPN is being used currently apart from Guest SSID tunnelling(GRE) to Anchor controller. 

IAP are currently run as only pure APs without any VPN or firewall functions.

Yes as you suggested we are getting Partner advice, but it is taking a while, as they are pretty busy. 


Thanks for assisting. 


Re: Controller vs IAP Advice

It sounds like a good design to me - somewhat like our own.

We have 100+ remote locations with 10-18 iAP each - managed from Airwave.

We have 5 locations with 1000-140 AP each - managed from controllers (1 per site with backup from HQ) and minitored from Airwave.

We use Clearpass for corporate cert-based AAA and Controller based guest Auth over GRE tunnels as well.

We're planning to use Clearpass for the guest auth soon.


if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Search Airheads
Showing results for 
Search instead for 
Did you mean: