Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to setup IP routing correctly on Aruba 7030 controller

This thread has been viewed 19 times

  • 1.  How to setup IP routing correctly on Aruba 7030 controller

    Posted Jan 06, 2019 06:49 AM

    We have 2 x Aruba 7030 controllers using version 8.3.0.3 and they are setup in a Controller Cluster with a Virtual IP address (VRRP).

     

    The controllers are setup with their own IP address (Native Vlan where the Aruba Access Points are located).  They have a default gateway IP address that was originally configured on each controller on that Access Point VLan (ip default-gateway 10.11.X.1)

     

    After researching, it appears that in order to route corporate network traffic to the company network while at the same time routing internet only traffic (Guest WLAN traffic) to our DMZ vlan, I must setup routing rules.  (https://community.arubanetworks.com/t5/Wireless-Access/How-to-setup-a-guest-SSID-to-distribute-DHCP-from-the-local/td-p/485213 & verified with Aruba support)

     

    My questions are regarding IP routing on Aruba Controller.  In my experience, with HP Switches when IP routing is enabled then the Default gateway configuration is not being used.  (Referenced: https://community.spiceworks.com/topic/1780361-aruba-2920-j9726a-core-switch-setup)

     

    My controllers already have a few IP routes entered for the internal corporate network.  They were entered from the Web User Interface and they are verified in the cli:

    - ip route 172.X.0.0 255.255.0.0 10.11.X.1
    - ip route 10.X.0.0 255.255.0.0 10.11.X.1

     

    And I can still access the controllers just fine from the network abd the test comany WLANs still work for the corporate SSIDs.

     

    Question1:  If IP routing is enabled on the Aruba controller will the default gateway configuration be irrelevant?

     

    Question2:  How can I verify if IP routing is already enabled?  Do the above ip route stated from "show running-config" verify that IP routing is enabled on the controller?

     

    Question3:  If I wanted to set a new static route for internet only, to the DMZ VLan Gateway (64.X.X.2), will I just need to add another static route (web interface or from the command line)?

    >ip route 0.0.0.0 0.0.0.0 64.X.X.2<enter>

    >write memory<enter>

     

    Question4:  My fear is if I set the new static route for 0.0.0.0 0.0.0.0. then I will loose connectivity to the controller and need to logon locally from the console port to fix the configuration.  Since, the 2 x corporate IP routes are already in place that should allow communications back and forth between the corporate network and the controller correct?

     

    - ip route 172.X.0.0 255.255.0.0 10.11.X.1
    - ip route 10.X.0.0 255.255.0.0 10.11.X.1

    - ip route 0.0.0.0 0.0.0.0 64.X.X.2

     

    I am trying to be as prepared as I can for the necessary IP routing changes. 

     



  • 2.  RE: How to setup IP routing correctly on Aruba 7030 controller
    Best Answer

    MVP
    Posted Jan 09, 2019 11:21 PM

    Question1:  If IP routing is enabled on the Aruba controller will the default gateway configuration be irrelevant?

     

    Answer1: The default gateway comes into play when a route is not defined in the routing table for the destination. It then will use the default gateway to route the traffic out.

     

    Question2:  How can I verify if IP routing is already enabled?  Do the above ip route stated from "show running-config" verify that IP routing is enabled on the controller?

     

    Answer2: If you issue a "show ip route" and a routing table comes up, ip routing is enabled. I think this is always enabled as long as their is a single IP interface on the controller.

     

    Question3:  If I wanted to set a new static route for internet only, to the DMZ VLan Gateway (64.X.X.2), will I just need to add another static route (web interface or from the command line)?

    >ip route 0.0.0.0 0.0.0.0 64.X.X.2<enter>

    >write memory<enter>

     

    Answer4: As long as you have static routes setup for corporate traffic, then you can set the default gateway to use the DMZ link and anything non-corporate will default to that route.

     

    Question4:  My fear is if I set the new static route for 0.0.0.0 0.0.0.0. then I will loose connectivity to the controller and need to logon locally from the console port to fix the configuration.  Since, the 2 x corporate IP routes are already in place that should allow communications back and forth between the corporate network and the controller correct?

     

    - ip route 172.X.0.0 255.255.0.0 10.11.X.1
    - ip route 10.X.0.0 255.255.0.0 10.11.X.1

    - ip route 0.0.0.0 0.0.0.0 64.X.X.2

     

    Answer4: That *should* work, but I would do that change at a time where you can go to the controllers to console in just in case something goes wrong.