Controllerless Networks

Hi All,

I am  very confused if i should go with the Instant cluster (IAP) type of deployment or I will go with the campus mode deployment.

I am getting very confused. Please if someone can help me on this.

NOTE: The network is MPLS , all sites connect to each other over the MPLS. I need to provide the solution for CORP_SSID and GUEST_SSID

Internet for remote users will be at the centralized DC or DR location.

Thanks

You should speak to your Aruba sales person for advice specific to your situation.

Campus is typically for a deployment with a fast LAN (gigabit ethernet) between all access points.  If you have a distributed enterprise like you mention, you should deploy IAP clusters in general.

Please confirm if my understanding is correct :-

IAP Cluster:-

1) The VC is elected from the cluster of IAP's, if VC goes down the other VC gets elected, i would like to know will it impact all the existing users who are on the wireless network (with all AP's at site) or it will just impact to the users who are connected to that VC which has gone down.

2) In the IAP cluster, does all traffic is IPSec tunneled or can i locally switch the traffic. I mean to say, Can i locally route the CORP traffic and I want to tunnel the IPSec traffic for Guest user only.

3) IAP cluster can be managed by Airwave and RAP's has to be manage by Mobility Master

Campus Mode Deployment :-

1) Do I Need to have single Branch constroller or multiple branch controller for redudancy.

2) In this deployment, do I really need the Wireless Controller at my data centers for example - WLC 7210 for CORP and Guest Traffic

NOTE: I would be using the clearpass, Airwave and Mobility Master in both type of deployment.

Also, I would like to know in details about the Prons and Cons of IAP type deployment and Campus mode deployment.

Again you have alot of questions and you should engage your local Aruba for specific answers before making any decision.  I will attempt to give general answers below.

1.  In general it will only affect the users on that access point.  They should roam to another AP that is in range.

2.  In IAP, by default, all traffic is locally switched.  That is the benefit of IAP in the distributed enterprise.  You have the option of tunneling Guest traffic back to an Aruba hardware controller.

3.  Instant APs are managed by the Virtual Controller elected in a cluster.  Optionally they can be managed by Airwave.  A remote AP must terminate on a hardware controller that is managed by an MM in ArubaOS 8.0 and above.

Campus

1.  Single

2.  That is a design question and a choice.  Typically your controller would need to be where your clients traffic would physically enter the network.  It would just need to be able to route to datacenter resources for things like radius authentication and external captive portal.  Again, where you deploy and how you design is an engineering decision and should be discussed with an Aruba Sales Representative in detail.

The Campus deployment is optimized in general for gigabit ethernet between access points and hardware controllers.  The Instant deployment is optimized for distributed deployments where the speed between sites is less that gigabit ethernet.  Most larger companies use a combination of both.

See what your deployment type is using the wizard here:  http://www.arubanetworks.com/smb-product-wizard/?source=homepage

Thank you so much for your response. I really apprecipate your response on this.

In campus mode, when i deploy branch controller, In this scenario I do not require the wireless LAN controller in the Data Center and I can form the cluster of these branch controllers for failover scenario? so that when one branch controller goes down, all access point should fall back to the other branch controller?

But I belive, for Guest Traffic, as they would be using the captive portal for the guest. I belive for that I need to have the wireless controller in the DMZ where my internet is hosted which will service the internet access for Guest users to those branch side.

Thanks

Campus Mode = Hardware Controller + Access Points

Instant Mode = Access points with a single access point being the Virtual Controller controlling a cluster of access points.

If you deploy in Campus Mode, it would require a hardware controller somewhere. 

If you have alot of branches, you might want to deploy in instant mode, which is a group of access points at a location without a controller.  If you deploy in instant mode, you can tunnel guest traffic back to a hardware controller in the DMZ.  You can then put whatever captive portal that you want behind that DMZ hardware controller.

One more question I have :-

I am using the IAP-315 Model.

I will have two SSID in my network

1) CORP_SSID

2) GUEST_SSID

I would like to switch or route the CORP SSID locally. However, I want that my guest traffic would go via the DMZ controller which is hosted in the Data Center at a centralized location.

If i can controll the traffic between CORP and GUEST SSID that CORP traffic will be locally routed and Guest traffic will be IPSec Tunnel to my DMZ controller. Then what is that configuration option, this is something I have to do inside the SSID of that VC controller.

If you can share the exact path where this particular configuration for CORP and GUEST, I would have to do, it will be great.

Thanks

By default, any SSID configured with a "Network Assigned" vlan will be switched locally with Aruba Instant (IAP).  If you want to make a vlan that will be tunneled back to a controller in your DMZ, you would need to create an IAP-VPN tunnel from the IAP cluster to the cotroller:

http://community.arubanetworks.com/t5/Controllerless-Networks/Tutorial-Building-a-VPN-from-a-IAP-Cluster-to-a-Wireless/td-p/122585

Thank you so much for your time on this.

So this means, for CORP SSID, on the VC I can configure the "Network Assigned" vlan will be switched locally with Aruba Instant (IAP). 

and from the same VC, I can configure for the Guest SSID to make a vlan that will be tunneled back to a controller in your DMZ, As you mentioned I would need to create an IAP-VPN tunnel from the IAP cluster to the cotroller.

So my question is this I can do this from same VC for CORP SSID to switch locally and from the same VC i can tunnel the GUEST SSID to DMZ in Data Center

I am hoping that this can be done, but i don't want to take chances and wanted to be 200% sure on this.

To me I still feel that this feature where we have to Tunnel the traffic or switch locally. This feature is available as a global paramters. we can not do this per SSID basis. Not sure if I am correct or not.

You can have a combination of tunneled and locally switched SSIDs.  Again, please consult your local Aruba Sales team to ensure that you are making the proper decision for your deployment.  I am only answering in general to your questions.