Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Anchor Mobility Controller for RAPs?

This thread has been viewed 1 times

  • 1.  Anchor Mobility Controller for RAPs?

    Posted Aug 26, 2015 12:13 AM

    As part of a larger expansion and migration, I'll be replacing a customer's 2 3600 MCs with new 7205 MCs.  These new MCs will be moved from outside in the DMZ and into the customer's production network.  It had been suggested to them that one of the old 3600s should be re-purposed as a DMZ Anchor Controller to accept RAPs terminating from the Internet.  Two questions: I can't find this scenario described in detail ie. what do I need to configure specifically, and second, is this necessary? Thanks in advance.


    #7205


  • 2.  RE: Anchor Mobility Controller for RAPs?
    Best Answer

    EMPLOYEE
    Posted Aug 26, 2015 12:17 AM
    I generally terminate RAPs on an internal controller. With strong authentication and policy, the devices will be the same as if they were on prem.


    Thanks,
    Tim


  • 3.  RE: Anchor Mobility Controller for RAPs?

    EMPLOYEE
    Posted Aug 26, 2015 12:19 AM

    The "Anchor" controller concept was a way to tunnel guest traffic from an internal controller to another controller located in the DMZ.  It was implemented to provide separation, because non-Aruba controllers  did not have a built-in firewall to keep guest traffic off of the internal network;  An "Anchor" controller was the only way.  You can still repurpose the 3600s as "Anchor" controllers for guest traffic, if that is what you want to do.  They are not needed, however for RAPs.

     

    If you want to read about how to do it, the article here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468 describes the guest tunneling configuration in detail.

     



  • 4.  RE: Anchor Mobility Controller for RAPs?

    Posted Aug 26, 2015 12:23 AM

    Thanks a lot Tim and Colin for the quick replies.

    That's kind of how I looked at as well, I didn't see the value or requirement, but didn't want to undermine the suggesting SE outright without canvassing opinions.  There is no guest WLAN as it would be thought of conventionally, so no client traffic egressing.

    I'll just terminate those RAPs as per usual to the internals and call it a day.

    Again, appreciate the quick answers.



  • 5.  RE: Anchor Mobility Controller for RAPs?

    EMPLOYEE
    Posted Aug 26, 2015 12:39 AM

    Note as well that some of the more advanced AOS features won’t be supported on the 3x00 controllers whereas they will be on the 7205. If it's for RAPs, I would put them on the 7205 (that could be your justification for those that just want to see an anchor controller).