Wireless Access

last person joined: 12 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IP mobility, but not exactly?

This thread has been viewed 0 times

  • 1.  IP mobility, but not exactly?

    Posted Oct 17, 2012 05:36 PM

    Ok, so we've never really considered setting up IP mobility as we can run big flat networks and our wireless users roam freely.  Unfortunately, now I need to do something that seems like it's mobility-oriented, but not exactly IP mobility as far as I can tell.

     

    I'm setting up a peering link with another company so that we can extend their SSIDs over our APs in a shared physical space.  This means we cut down on the number of radios polluting the spectrum, but the hitch is that they have HIPAA concerns and I'd like to be able to have all of their user connections tunnel back to the one controller with the peering link.  Furthermore, I don't really want any APs to have to be associated with that controller - I would want them to be handled by the master/local controllers that we have over the rest of the campus.

     

    I'm assuming that I can setup the peering controller as a master, then put this master and the rest of my master/local controllers in the same mobility domain ... can I configure this so that these users would always be treated like foreign agents and get routed back to the controller with the peering link ??

     

    Or am I doing something completely wrong in my design ?

     

    Thanks!

     

    andrew.



  • 2.  RE: IP mobility, but not exactly?
    Best Answer

    EMPLOYEE
    Posted Oct 17, 2012 07:48 PM

    Abrennan,

     

    Let me be sure I'm answering this right:

     

    You want an access point to terminate on one controller, but you want the user traffic to terminate on a different controller?  The second controller being the one that actually is connected to the Physical VLANs that those users need to be on?

     

    Here's what you can do:

     

    Create a non-routable VLAN on controller #1.  Let's call it VLAN 1000.  Make sure it does not exist on any trunks on that controller.  Create a layer 2 GRE tunnel between controller #1 and #2 and assign that Arbitrary VLAN to the GRE tunnel on controller one:

     

    Controller 1:

    config t
interface tunnel 100
tunnel source <management ip of controller 1>
tunnel destination <management ip address of controller 2>
trusted
    tunnel mode gre 0
    no shut
tunnel VLAN 1000

     Controller 2

    Config t
interface tunnel 100
tunnel source <management ip address of controller #2>
tunnel destination <management ip address of controller#1>
trusted
    tunnel mode gre 0
    no shut
tunnel VLAN <Vlan number that those users should end up on on controller #2>

     

    Run the WLAN/LAN Wizard on Controller #1 and create a WLAN for those special users and assign it to VLAN 1000.

     

     

     

    This is more of a deterministic construct than IP mobility.  

     

    Last TIP:  If the two controllers this GRE tunnel will be on are master-local and have an ipsec tunnel between them, make sure that you execute a "tunnel mtu 1100" command on each tunnel interface so that the GRE tunnel will fit into the ipsec tunnel without issue.

     

     

     

     



  • 3.  RE: IP mobility, but not exactly?

    Posted Oct 18, 2012 04:26 PM

    That sounds better than what I was trying to do since I wasn't sure how to get the users on the "home" controller when they'd never actually roamed from it to the foreign controllers.  Thanks!