Wireless Access

Hello,

 

I am a beginner on Aruba, but I well know others manufacturer Wifi products.

I am testing Aruba products in Aruba OS V6.1 (A620 + AP105 + AP93) with SSID in "bridge" mode.

it appears that "bridge" mode have less features than "tunnel" mode (user derivationrule for example).

Does someone have a document or can explain me the features differences between the two modes ?

 

thanks,

Movilann 

 

I believe the RAP VRD available at http://www.arubanetworks.com/wp-content/uploads/RAPVRD_version_8.pdf will be a good source to look at the difference between the 3 forwarding modes.

Look at Chapter 11 Forwarding Modes

Hello here you will see more information about that topic of Bridge mode in campus mode in which i think you are referring to

 

http://www.arubanetworks.com/pdf/technology/DG_Mobility-Controllers-Deployment-Models-5.0-VRD.pdf

Page 41 and 42

 

Also this is what it says on the user guide

 

User guides does point you a list of features you loose on bridge mode page 803

 

Most ArubaOS features are supported in all forwarding modes. However, there are a some features that are
not supported in one or more forwarding modes. Campus APs do not support split-tunnel forwarding mode
and the decrypt-tunnel forwarding mode does not support TKIP Counter measure management on campus
APs or remote APs.

Bridge mode

Firewall—SIP/SCCP/RTP/RTSP Voice Support
Firewall—Alcatel NOE Support
Voice over Mesh
Video over Mesh
Named VLAN
Captive portal
Rate Limiting for broadcast/multicast
Power save: Wireless battery boost
Power save: Drop wireless multicast traffic
Power save: Proxy ARP (global)
Power save: Proxy ARP (per-SSID)
Automatic Voice Flow Classification

SIP ALG
SIP: SIP authentication tracking
SIP: CAC enforcement enhancements
SIP: Phone number awareness
SIP: R-Value computation
SIP: Delay measurement
Management: Voice-specific views
Management: Voice client statistics
Management: Voice client troubleshooting
Voice protocol monitoring/reporting
SVP ALG
H.323 ALG
Vocera ALG
SCCP ALG
NOE ALG
Layer 3 Mobility
IGMP Proxy Mobility
Mobile IP
TKIP countermeasure mgmt
Bandwidth based CAC
Dynamic Multicast Optimization

 

Hi,

thanks for your reply.

the list is not complete, you can add:

- User derivated rules

- firewall rules logging to syslog server

 

I am disapointed, it will be difficult to deploy 802.11n architecture with hight throutputs (video), or optimized data management (VLAN RADIUS attribut) because if I want these features I must use the "tunnel" mode and concentrated all the data flows to the wireless controller. The controller could be the bottleneck of my Wifi network.

 

thanks,

Movilann

Just curious, but have you done any throughput testing that shows that the controller is the bottle neck?

Are yousure derived roles does not work?

Because they are working just fine on bridge mode on my lab...

 

I also got many deployment in which they want to put the controller on IDC.... which is located obiosly not in their central or remote branches

The thing is that to not saturate their link to the IDC i explain them how does the solution work and i give them the option of putting the APS on bridge mode.

Some of them tell me no there is no issue put them on tunnel mode... or other clients just tell me well i got slow links ill need you to put it on bridge mode...

The thing is that on the VRD this scenario does not exist so i dont have any aruba recommendation fo rhtis specfic scenario....

I do point them the list of features they loss.

It does not appear on that list but you can add DHCP fingerprint.... it doesnt work on AP Campus bridge mode... at least that what is says the documentation of fingerprint

I was concerned about the controller being a bottleneck in my environment too... but when I looked at the interface on the controller I found that it was only averaging about a 25% load - with occasional peaks.

 

This is on a site with about 100 APs and 1000 clients doing everything from Facebook to Netflix.

In the case of vm version controller. I think the bottleneck would be on the physical interface of the server. Then bridge mode would be the recommended.

Any comment please.

Link doesnt work