Wireless Access

Reply

Captive portal traffic on local controller

Hello

I have the fallowing scenario

the client has 1 master and 1 stanby controller on datacenter

 

They got local controllers on many different sites.

 

Right now they got a dmz on the data center and the guest users goes to internet through  the datacenter.

 

The problem with this is that it consume the BW of links between the local sites and the data center.

 

So now they want to put an internet on each site.  They will have a firewall in each local site with an internet conection on it and they want that each site goes to internet using their local  internet

 

I though i could do this wth clearpass in which depending in which site the user is, he will assign a vlan.  

For example

site A will have on their local controller configured vlan 200

site B will have on their local controller configured vlan 201

site C will have on their local controller configured vlan 202

 

the vlan 200 will just exist in the site A

 

Do i need to create a Tunnel GRE between master and local A site controller  and make this vlan 200 exist on the master controller????

If its like that will all my traffic will go to the master controller?

 

What we want to achive is that the guest users does not consume BW of point to point link sbetween datacenter and local sites

 

Cheers

Carlos

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Captive portal traffic on local controller

You are probably looking for policy-based routing.  http://community.arubanetworks.com/t5/Wireless-Access/Setting-AP-PBR-on-controller/m-p/314344

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Captive portal traffic on local controller

Hello Collin

It is not possible to do it in the way i proposing?

 

Each site will have their own guest vlan

For example

site A will have vlan 201

the default gateway of the vlan 201 will be only on site A and  vlan 201 does not exist on site B neither on site C

 

 

site B will have vlan 202

the default gateway of the vlan 202 will be only on site B and  vlan 202 does not exist on site A neither on site C

 

 

My quetion is, if i do it this way do i need to create this vlans on the Master controller????  i mean the captive portal will be using local controller ip address i bealive, and not master controller ip address on that vlan as far i understand.  

 

For example if a user on site A connnects he will get a ip address of vlan 201.  Let say its 192.168.201.50

The default gateway is 192.168.201.1 which is on  a firewall on site A

The local controller will have an ip on that vlan, let say its 192.168.201.254.

The user i bealive will be redirected to 192.168.201.254 right?

Or i need to create an ip address on the master controller on that vlan and the user get redirected to the master controller ip address on that vlan 201?

 

Cheers

Carlos

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Captive portal traffic on local controller

To assign a different VLAN per controller/site you can use named VLANs.  Your SSID will have the Virtual-AP vlan of "guest" for example.  Each local controller will have guest defined as the VLAN number that corresponds to that site.

 

If you can simply place guests on a VLAN where the default gateway is that of a cable modem, for example, that is pretty much all you need to do.  If the default gateway on that guest VLAN does not point to that other ISP, you need to use policy based routing.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Captive portal traffic on local controller

if i wanted the same SSID everywhere this would not be possible? i ws asking this becaues the initial role willl have a vlan for example 999 always no matter the site...

I would need to exchange the vlan when the user athenticate, and i dont know if that would work...

If we need the same SSID everywhere its possible doing this ? somehow?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Captive portal traffic on local controller

ok i re read what your message.

So its possible to create a named vlan on each local controller_?

I though you just could configure that on the master controller.   You can configure named vlans on each local controller????

 

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Captive portal traffic on local controller

Okay i just saw how to do it

Thanks Collin

i like the named vlan option... i guess i can work with this!

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: Captive portal traffic on local controller

Just a last quetion

 

If i got master controller on datacenter

I got a local controller  in site A

 

if i user connnect to the AP of SITE A and that ap terminate his tunnel on controller of site A

 

How much BW it will consume to the private link between SITE A and Datacenter??

I guess the controller will send the info of the user connected to the master controller andthat it.. and thats like a almost no usage of that link

Iam right?

 

I want to know this because the main reason we are changing the design of everyone going to interneto trhough a dmz controller ont he datacenter is that it, right now its puttting heavy traffic on that private link and most of that traffic is guest user traffic..   And i want to be sure the private link wont be loaded with heavy traffic.

 

Cheers

CArlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: