Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

RAP without Controller

This thread has been viewed 6 times

  • 1.  RAP without Controller

    MVP
    Posted Jan 03, 2020 04:57 AM

    Hi everyone,

     

    we use several IAPs (305 & 335) in our company. Now we plan to deploy a WLAN on a remote site  Is it possible to connect a RAP to our network without the use of Controller?



  • 2.  RE: RAP without Controller

    MVP EXPERT
    Posted Jan 03, 2020 05:12 AM

    A IAP cluster on one site can run without the need of a controller. If you like to use the RAP (Remote Access Point) functionality a secure encrypted (IPSEC) VPN connection is setup to the datacenter.

     

    RAP or IAP-VPN can only be terminated on a Aruba Mobility Controller thats configured as the VPN concentrator. Therefore you need a central controller to make this possible.

     



  • 3.  RE: RAP without Controller

    MVP
    Posted Jan 03, 2020 05:46 AM

    Can it be a solution to do the following:
    Have a public ip address port forwarding the necessary ports, PAPI, GRE, NAT towards the Instant AP Master Controller

    Have the Remote Instant AP provisioned with the public ip address, which then will forward traffic to the Instant AP who is acting as a master.



  • 4.  RE: RAP without Controller

    EMPLOYEE
    Posted Jan 03, 2020 06:24 AM
    @MatthiasP wrote:

    Hi everyone,

     

    we use several IAPs (305 & 335) in our company. Now we plan to deploy a WLAN on a remote site  Is it possible to connect a RAP to our network without the use of Controller?

    What are you trying to accomplish?



  • 5.  RE: RAP without Controller

    MVP EXPERT
    Posted Jan 03, 2020 06:34 AM
    1. All AP in a instant cluster must be layer 2 connected.
    2. GRE tunnels are not encrypted (like IPSEC) and therefore not useable for a public WAN connections.
    3. But you can create a new IAP cluster on a remote site, use aruba central for single point of management if you want. For the connection between multiple branches you can use a thirdparty VPN maybe from your own firewalls (Firewall to Firewall, not AP to Firewall).
    4. Aruba have nice solutions like SD-Branch, IAP-VPN, but in all this cases you need controllers. (our your own vpn solutions).

    Thats so far i understand ;).



  • 6.  RE: RAP without Controller

    MVP
    Posted Jan 04, 2020 03:36 PM
    We have several offices, with Firewalls on each site. The sites are connected via VPN. So we decided to work with IAPs without controller. We have an Airwave Server installed on one site. This works fine without any problems.

    Want we want to do: we have some guest houses, which have no firewall and no VPN connection to the main building. We want to radiate our company WLAN at the guest house. We are also looking for a solution to radiate the company WLAN in changing locations like tech fairs, customer sites, etc.


  • 7.  RE: RAP without Controller

    MVP EXPERT
    Posted Jan 04, 2020 03:54 PM

    For small branch office you can work with IAP-VPN, but at the datacenter you need a mobility controller that acts as a VPNC Concentrator. Note that the contoller wil not manage any AP but is only used for VPN.

     

    A instant AP (or cluster) cannot be act as VPNC Concentrator only a Aruba mobility controller can do that.

     

    https://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/UG_files/IAP_VPN/rapNG_arch.htm

     

    See also...

     

    https://www.arubanetworks.com/techdocs/Instant_83_WebHelp/Content/Instant_UG/IAP_VPN/Intro.htm