We have 2 x Aruba 7030 controllers using version 8.3.0.3 and they are set up in a Controller Cluster with a Virtual IP address (VRRP).
The controllers are set up with their own IP address (native VLAN where the Aruba Access Points are located). They have a default gateway IP address that was originally configured on each controller on that Access Point VLAN (ip default-gateway 10.11.X.1).
After researching, it appears that in order to route corporate network traffic to the company network while at the same time routing internet-only traffic (Guest WLAN traffic) to our DMZ VLAN, I must set up routing rules. (https://community.arubanetworks.com/t5/Wireless-Access/How-to-setup-a-guest-SSID-to-distribute-DHCP-from-the-local/td-p/485213 & verified with Aruba support)
My questions are regarding IP routing on the Aruba controller. In my experience with HP switches, when IP routing is enabled the default gateway configuration is not used. (Referenced: https://community.spiceworks.com/topic/1780361-aruba-2920-j9726a-core-switch-setup)
My controllers already have a few IP routes entered for the internal corporate network. They were entered from the Web User Interface and they are verified in the CLI:
- ip route 172.X.0.0 255.255.0.0 10.11.X.1
- ip route 10.X.0.0 255.255.0.0 10.11.X.1
And I can still access the controllers just fine from the network and the test company WLANs still work for the corporate SSIDs.
Question 1: If IP routing is enabled on the Aruba controller, will the default gateway configuration be irrelevant?
Question 2: How can I verify if IP routing is already enabled? Do the above ip route statements from "show running-config" verify that IP routing is enabled on the controller?
Question 3: If I wanted to set a new static route for internet only, to the DMZ VLAN gateway (64.X.X.2), will I just need to add another static route (web interface or from the command line)?
>ip route 0.0.0.0 0.0.0.0 64.X.X.2<enter>
>write memory<enter>
Question 4: My fear is that if I set the new static route for 0.0.0.0 0.0.0.0, then I will lose connectivity to the controller and need to log on locally from the console port to fix the configuration. Since the 2 x corporate IP routes are already in place, that should allow communications back and forth between the corporate network and the controller, correct?
- ip route 172.X.0.0 255.255.0.0 10.11.X.1
- ip route 10.X.0.0 255.255.0.0 10.11.X.1
- ip route 0.0.0.0 0.0.0.0 64.X.X.2
I am trying to be as prepared as I can for the necessary IP routing changes.
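
Added example, not part of the original post: a Python sketch of standard longest-prefix-match route selection applied to the route table listed under Question 4, flagging management sources whose replies only the new default route would cover. The redacted addresses are replaced with constructed values, the AP VLAN is assumed to be a /24, and it is an assumption that the controller selects routes this way.

```python
import ipaddress

# Constructed stand-ins for the post's redacted values:
#   172.X.0.0 -> 172.16.0.0, 10.X.0.0 -> 10.20.0.0,
#   10.11.X.1 -> 10.11.0.1,  64.X.X.2 -> 198.51.100.2 (documentation range)
ROUTES = [
    ("10.11.0.0/24", "connected"),     # controller's own AP VLAN (assumed /24)
    ("172.16.0.0/16", "10.11.0.1"),    # existing corporate route
    ("10.20.0.0/16", "10.11.0.1"),     # existing corporate route
    ("0.0.0.0/0", "198.51.100.2"),     # proposed default route to the DMZ gateway
]


def best_route(dst, routes=ROUTES):
    """Return (network, next_hop) of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best


def next_hop(dst, routes=ROUTES):
    """Next hop for dst, or None when no route (not even a default) matches."""
    match = best_route(dst, routes)
    return match[1] if match else None


def default_routed(sources, routes=ROUTES):
    """Sources whose return traffic matches nothing more specific than 0.0.0.0/0."""
    flagged = []
    for src in sources:
        match = best_route(src, routes)
        if match is not None and match[0].prefixlen == 0:
            flagged.append(src)
    return flagged


if __name__ == "__main__":
    # Constructed management workstations; the last one sits in a subnet
    # that neither corporate static route covers.
    admins = ["172.16.5.10", "10.20.1.15", "10.11.0.50", "192.168.50.7"]
    for a in admins:
        print(f"{a:>15} -> {next_hop(a)}")
    print("replies would leave via the DMZ gateway:", default_routed(admins))
```

Any management subnet that appears in the flagged list needs its own static route toward the internal gateway before the default route is changed.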