Wireless Access

My customer has 3 regioanl office (RO 1, 2, 3). All respective regional office has it own DHCP server for it end point device, but the Aruba controller was at HQ office. Connection between the HQ office and regional office is using IP-VPN. All 3 regional office will use IAP305, cause my customer want to centrally manage all the Aruba AP. My customer want the wireless end point device the get the IP address locally and not from the Aruba controller at HQ office. May I know which mode should I use is bridge and split tunnel mode? Please advise and give some guide. Now Aruba controller running AOS 6.5

Are these Campus AP's or Remote AP's? If there is already a VPN between the two then I suspect you will not need to configure as Remote AP's. So if a Campus AP, either Bridge or Tunnel will be your forwarding selection depending on the requirements.

My customer main objective as below:

*  For all staff wireless end point device get the IP address locally from the regional office's DHCP server, is not       from HQ  office.

*  my customer another requirement which is for Guest and mobile SSID get the DHCP IP from the Aruba           

   controller at HQ office.

*  All regional office's Aruba AP must be manageable by Aruba controller at HQ office.

Can it be done as above requirement? Please advise.

If configure IAP305 as Campus AP with bridge or tunnel, which one is better? What are the requirement and info are needed for both (bridge or tunnel)?

All of your customer requirements can be achieved using a physical controller. You've mentioned an IAP, this does not use a physical controller. The terms tunnel, split tunnel and bridge are usually associated when using a physical controller. See below:

https://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/VirtualAPs/Virtual_AP_Profiles.htm%3FTocPath%3DVirtual%20APs%7C_____2

If you are looking at the Instant product line, requirements 1 and 2 will be met, as for requirement 3 you would need a centralized management solution such as AirWave or Aruba Central. If not each Aruba Instant site will be managed as a separate entity.

My customer just bought IAP305 and conver it to campus AP to the Aruba controller.

Perfect, so you can use the tunnel options. The link provided above identifies the options and their use cases.

Ok. You mean use tunnel model as below requirement? No need use bridge mode?

*  For all staff wireless end point device get the IP address locally from the regional office's DHCP server, is not  from HQ  office.

*  my customer another requirement which is for Guest and mobile SSID get the DHCP IP from the Aruba  controller at HQ office.

For Staff you can use tunnel or bridge, as long as there is a DHCP server available in the local VLAN. For Guest, you would use tunnel mode as the Captive Portal traffic will need to be tunneled to the controller in order for the Captive Portal to be displayed.

All 3 regional office was flat network and don't have VLAN because it is small branch office.

As for Guest SSID, customer said they wan to use WPA2 instead of captive portal.