Controllerless Networks

Reply
New Contributor

RAP without Controller

Hi everyone,

 

we use several IAPs (305 & 335) in our company. Now we plan to deploy a WLAN on a remote site  Is it possible to connect a RAP to our network without the use of Controller?

MVP Expert
MVP Expert

Re: RAP without Controller

A IAP cluster on one site can run without the need of a controller. If you like to use the RAP (Remote Access Point) functionality a secure encrypted (IPSEC) VPN connection is setup to the datacenter.

 

RAP or IAP-VPN can only be terminated on a Aruba Mobility Controller thats configured as the VPN concentrator. Therefore you need a central controller to make this possible.

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Contributor I

Re: RAP without Controller

Can it be a solution to do the following:
Have a public ip address port forwarding the necessary ports, PAPI, GRE, NAT towards the Instant AP Master Controller

Have the Remote Instant AP provisioned with the public ip address, which then will forward traffic to the Instant AP who is acting as a master.

Guru Elite

Re: RAP without Controller


@MatthiasP wrote:

Hi everyone,

 

we use several IAPs (305 & 335) in our company. Now we plan to deploy a WLAN on a remote site  Is it possible to connect a RAP to our network without the use of Controller?


What are you trying to accomplish?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
MVP Expert
MVP Expert

Re: RAP without Controller

  1. All AP in a instant cluster must be layer 2 connected.
  2. GRE tunnels are not encrypted (like IPSEC) and therefore not useable for a public WAN connections.
  3. But you can create a new IAP cluster on a remote site, use aruba central for single point of management if you want. For the connection between multiple branches you can use a thirdparty VPN maybe from your own firewalls (Firewall to Firewall, not AP to Firewall).
  4. Aruba have nice solutions like SD-Branch, IAP-VPN, but in all this cases you need controllers. (our your own vpn solutions).

Thats so far i understand ;).

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
New Contributor

Re: RAP without Controller

We have several offices, with Firewalls on each site. The sites are connected via VPN. So we decided to work with IAPs without controller. We have an Airwave Server installed on one site. This works fine without any problems.

Want we want to do: we have some guest houses, which have no firewall and no VPN connection to the main building. We want to radiate our company WLAN at the guest house. We are also looking for a solution to radiate the company WLAN in changing locations like tech fairs, customer sites, etc.
MVP Expert
MVP Expert

Re: RAP without Controller

For small branch office you can work with IAP-VPN, but at the datacenter you need a mobility controller that acts as a VPNC Concentrator. Note that the contoller wil not manage any AP but is only used for VPN.

 

A instant AP (or cluster) cannot be act as VPNC Concentrator only a Aruba mobility controller can do that.

 

https://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/UG_files/IAP_VPN/rapNG_arch.htm

 

See also...

 

https://www.arubanetworks.com/techdocs/Instant_83_WebHelp/Content/Instant_UG/IAP_VPN/Intro.htm

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: