Wireless Access

Reply
Highlighted
Occasional Contributor I

Aruba Anchor Configuration with 802.1x

I am looking to setup a configuration similar to a Cisco Anchor controller configuration.  The SSID needs to be configured as WPA/WPA2 Enterprise.  The AP would terminate to Controller A and then tunnel (Anchor) the user traffic to Controller B.  Controller B would handle Authentication (Radius) for the clients and client traffic.  I have configured this before on Cisco but is there a similar way to accomplish with on Aruba?


Accepted Solutions
Highlighted

Re: Aruba Anchor Configuration with 802.1x

The old way is: create a gre tunnel between 2 controllers.

 

https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468

 

The new way (AOS8 only): use multizone to terminate an AP to a 2nd controller/cluster.

https://community.arubanetworks.com/t5/Wireless-Access/How-to-Configure-Multizone/td-p/481727

 



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -

View solution in original post


All Replies
Highlighted

Re: Aruba Anchor Configuration with 802.1x

The old way is: create a gre tunnel between 2 controllers.

 

https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468

 

The new way (AOS8 only): use multizone to terminate an AP to a 2nd controller/cluster.

https://community.arubanetworks.com/t5/Wireless-Access/How-to-Configure-Multizone/td-p/481727

 



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -

View solution in original post

Highlighted
Occasional Contributor I

Re: Aruba Anchor Configuration with 802.1x

Fabian,

 

Thank you very much for the information,  I have read the "old" documentation and understand the setup.  The example given is for an open SSID, is it possible to adapt it for a WPA/WPA2 802.1x SSID.  Creating the SSID on Controller A requires a AAA Profile but the requirement would be to perform authentication on Controller B.

 

Thank you,

Mike

Highlighted
Aruba

Re: Aruba Anchor Configuration with 802.1x

You are correct; for 802.1X authenticated SSIDs, the controller advertising the SSID needs to do the authentication.   You can then send the user through the tunnel; but if you need the authentication to happen at the remote controller; MultiZone in AOS8 might be a better solution.

 

In short, L2 security is handled at the internal controller; L3 security can be done on either internal or anchor/DMZ.

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: