How to setup IP routing correctly on Aruba 7030 controller

We have 2 x Aruba 7030 controllers using version 8.3.0.3 and they are set up in a Controller Cluster with a Virtual IP address (VRRP).

 

The controllers are set up with their own IP address (Native VLAN where the Aruba Access Points are located).  They have a default gateway IP address that was originally configured on each controller on that Access Point VLAN (ip default-gateway 10.11.X.1).

 

After researching, it appears that in order to route corporate network traffic to the company network while at the same time routing internet only traffic (Guest WLAN traffic) to our DMZ VLAN, I must set up routing rules.  (https://community.arubanetworks.com/t5/Wireless-Access/How-to-setup-a-guest-SSID-to-distribute-DHCP-from-the-local/td-p/485213 & verified with Aruba support)

 

My questions are regarding IP routing on Aruba Controller.  In my experience, with HP Switches when IP routing is enabled then the Default gateway configuration is not being used.  (Referenced: https://community.spiceworks.com/topic/1780361-aruba-2920-j9726a-core-switch-setup)

 

My controllers already have a few IP routes entered for the internal corporate network.  They were entered from the Web User Interface and they are verified in the cli:

- ip route 172.X.0.0 255.255.0.0 10.11.X.1
- ip route 10.X.0.0 255.255.0.0 10.11.X.1

 

And I can still access the controllers just fine from the network and the test company WLANs still work for the corporate SSIDs.

 

Question1:  If IP routing is enabled on the Aruba controller will the default gateway configuration be irrelevant?

 

Question2:  How can I verify if IP routing is already enabled?  Do the above ip route stated from "show running-config" verify that IP routing is enabled on the controller?

 

Question3:  If I wanted to set a new static route for internet only, to the DMZ VLan Gateway (64.X.X.2), will I just need to add another static route (web interface or from the command line)?

>ip route 0.0.0.0 0.0.0.0 64.X.X.2<enter>

>write memory<enter>

 

Question4:  My fear is that if I set the new static route for 0.0.0.0 0.0.0.0, then I will lose connectivity to the controller and need to log on locally from the console port to fix the configuration.  Since the 2 x corporate IP routes are already in place, that should allow communications back and forth between the corporate network and the controller, correct?

 

- ip route 172.X.0.0 255.255.0.0 10.11.X.1
- ip route 10.X.0.0 255.255.0.0 10.11.X.1

- ip route 0.0.0.0 0.0.0.0 64.X.X.2

 

I am trying to be as prepared as I can for the necessary IP routing changes. 

 

Re: How to setup IP routing correctly on Aruba 7030 controller

Question1:  If IP routing is enabled on the Aruba controller will the default gateway configuration be irrelevant?

 

Answer1: The default gateway comes into play when a route is not defined in the routing table for the destination. It then will use the default gateway to route the traffic out.

 

Question2:  How can I verify if IP routing is already enabled?  Do the above ip route stated from "show running-config" verify that IP routing is enabled on the controller?

 

Answer2: If you issue a "show ip route" and a routing table comes up, IP routing is enabled. I think this is always enabled as long as there is a single IP interface on the controller.

 

Question3:  If I wanted to set a new static route for internet only, to the DMZ VLan Gateway (64.X.X.2), will I just need to add another static route (web interface or from the command line)?

>ip route 0.0.0.0 0.0.0.0 64.X.X.2<enter>

>write memory<enter>

 

Answer3: As long as you have static routes set up for corporate traffic, then you can set the default gateway to use the DMZ link and anything non-corporate will default to that route.

 

Question4:  My fear is that if I set the new static route for 0.0.0.0 0.0.0.0, then I will lose connectivity to the controller and need to log on locally from the console port to fix the configuration.  Since the 2 x corporate IP routes are already in place, that should allow communications back and forth between the corporate network and the controller, correct?

 

- ip route 172.X.0.0 255.255.0.0 10.11.X.1
- ip route 10.X.0.0 255.255.0.0 10.11.X.1

- ip route 0.0.0.0 0.0.0.0 64.X.X.2

 

Answer4: That *should* work, but I would do that change at a time where you can go to the controllers to console in just in case something goes wrong.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
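
The longest-prefix-match reasoning behind Question4 can be checked before the change. The following is an added example, not part of either post and not Aruba code: it models only the three planned static routes and reports any management host whose return traffic would follow the new 0.0.0.0/0 route to the DMZ gateway instead of the corporate gateway. All addresses are constructed stand-ins for the thread's redacted values, and connected interfaces are not modelled.

```python
import ipaddress

# Constructed sample values: the thread redacts its addresses (10.11.X.1,
# 64.X.X.2), so private and documentation ranges stand in for them here.
CORP_GW = "10.11.0.1"    # stands in for 10.11.X.1
DMZ_GW = "203.0.113.2"   # stands in for 64.X.X.2

PLANNED_ROUTES = [
    ("172.16.0.0/16", CORP_GW),   # stands in for ip route 172.X.0.0 255.255.0.0
    ("10.20.0.0/16", CORP_GW),    # stands in for ip route 10.X.0.0 255.255.0.0
    ("0.0.0.0/0", DMZ_GW),        # the new default route toward the DMZ
]


def lookup(routes, dest):
    """Return (prefix, next_hop) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]), best[1]) if best else None


def stranded_hosts(routes, mgmt_hosts, corp_gw):
    """Management hosts whose return traffic would not leave via corp_gw."""
    bad = []
    for host in mgmt_hosts:
        match = lookup(routes, host)
        if match is None or match[1] != corp_gw:
            bad.append((host, match))
    return bad


if __name__ == "__main__":
    # Constructed admin workstations; the last one sits in a corporate subnet
    # that has no specific static route and so falls through to the default.
    admins = ["172.16.5.10", "10.20.30.40", "192.168.50.7"]
    for host, match in stranded_hosts(PLANNED_ROUTES, admins, CORP_GW):
        print(f"{host}: return path {match}, not via {CORP_GW}")
```

Any host this reports needs its own corporate static route before the default route is added, otherwise replies to it leave through the DMZ gateway.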