Wireless Access

Occasional Contributor II

IP mobility, but not exactly?

Ok, so we've never really considered setting up IP mobility as we can run big flat networks and our wireless users roam freely.  Unfortunately, now I need to do something that seems like it's mobility-oriented, but not exactly IP mobility as far as I can tell.


I'm setting up a peering link with another company so that we can extend their SSIDs over our APs in a shared physical space.  This means we cut down on the number of radios polluting the spectrum, but the hitch is that they have HIPAA concerns and I'd like to be able to have all of their user connections tunnel back to the one controller with the peering link.  Furthermore, I don't really want any APs to have to be associated with that controller - I would want them to be handled by the master/local controllers that we have over the rest of the campus.


I'm assuming that I can set up the peering controller as a master, then put this master and the rest of my master/local controllers in the same mobility domain ... can I configure this so that these users would always be treated like foreign agents and get routed back to the controller with the peering link?


Or am I doing something completely wrong in my design?





Guru Elite

Re: IP mobility, but not exactly?



Let me be sure I'm answering this right:


You want an access point to terminate on one controller, but you want the user traffic to terminate on a different controller?  The second controller being the one that actually is connected to the physical VLANs that those users need to be on?


Here's what you can do:


Create a non-routable VLAN on controller #1.  Let's call it VLAN 1000.  Make sure it does not exist on any trunks on that controller.  Create a layer 2 GRE tunnel between controller #1 and #2 and assign that arbitrary VLAN to the GRE tunnel on controller one:


Controller 1:

config t
interface tunnel 100
tunnel source <management ip of controller 1>
tunnel destination <management ip address of controller 2>
tunnel mode gre 0
no shut
tunnel VLAN 1000

Controller 2:

config t
interface tunnel 100
tunnel source <management ip address of controller #2>
tunnel destination <management ip address of controller #1>
tunnel mode gre 0
no shut
tunnel VLAN <Vlan number that those users should end up on on controller #2>


Run the WLAN/LAN Wizard on Controller #1 and create a WLAN for those special users and assign it to VLAN 1000.




This is more of a deterministic construct than IP mobility.  


Last TIP:  If the two controllers this GRE tunnel will be on are master-local and have an ipsec tunnel between them, make sure that you execute a "tunnel mtu 1100" command on each tunnel interface so that the GRE tunnel will fit into the ipsec tunnel without issue.





*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
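
An added example, not part of the post above and not Aruba code: a Python check that two controllers' tunnel stanzas match the layout described in the answer (mirrored source/destination, same GRE protocol number, a tunnel VLAN on each side, the 1100 MTU when IPsec sits between them, and the controller 1 tunnel VLAN absent from its trunks). The sample configs, the addresses, VLAN 200 and the `switchport trunk allowed vlan` line format are assumptions.

```python
import re

def parse_tunnels(config):
    """Map tunnel id -> settings found in each 'interface tunnel' stanza."""
    tunnels, cur = {}, None
    for line in (l.strip().lower() for l in config.splitlines()):
        m = re.fullmatch(r"interface tunnel (\d+)", line)
        if m:
            cur = tunnels.setdefault(m.group(1), {})
        elif line.startswith("interface "):
            cur = None  # some other interface stanza
        elif cur is not None and (m := re.fullmatch(
                r"tunnel (source|destination|vlan|mtu|mode gre) (\S+)", line)):
            cur[m.group(1)] = m.group(2)
    return tunnels

def trunk_vlans(config):
    """VLAN ids on 'switchport trunk allowed vlan' lines (assumed trunk syntax)."""
    vlans = set()
    for m in re.finditer(r"switchport trunk allowed vlan ([\d,-]+)", config.lower()):
        for part in filter(None, m.group(1).split(",")):
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_pair(cfg1, cfg2, tunnel_id, ipsec_between=False):
    """Findings for the L2 GRE tunnel from controller 1 (APs) to controller 2."""
    t1, t2 = parse_tunnels(cfg1).get(tunnel_id), parse_tunnels(cfg2).get(tunnel_id)
    if t1 is None or t2 is None:
        return [f"tunnel {tunnel_id} is not defined on both controllers"]
    findings = []
    ends1 = (t1.get("source"), t1.get("destination"))
    if None in ends1 or ends1 != (t2.get("destination"), t2.get("source")):
        findings.append("source/destination are not mirrored")
    if t1.get("mode gre") != t2.get("mode gre"):
        findings.append("GRE protocol numbers differ")
    for name, t in (("controller 1", t1), ("controller 2", t2)):
        if "vlan" not in t:
            findings.append(f"{name}: no tunnel vlan assigned")
        if ipsec_between and t.get("mtu") != "1100":  # value from the tip in the post
            findings.append(f"{name}: tunnel mtu 1100 not set")
    if "vlan" in t1 and int(t1["vlan"]) in trunk_vlans(cfg1):
        findings.append(f"controller 1: VLAN {t1['vlan']} is allowed on a trunk")
    return findings

# Constructed sample: addresses, VLAN 200 and the trunk line are illustrative.
TUNNEL = ("interface tunnel 100\n tunnel source {}\n tunnel destination {}\n"
          " tunnel mode gre 0\n no shut\n tunnel vlan {}\n")
CTRL1 = "interface gigabitethernet 0/0/0\n switchport trunk allowed vlan 10,20-30\n" + TUNNEL.format("192.0.2.1", "192.0.2.2", 1000)
CTRL2 = TUNNEL.format("192.0.2.2", "192.0.2.1", 200)
print(check_pair(CTRL1, CTRL2, "100", ipsec_between=True))
```
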
Occasional Contributor II

Re: IP mobility, but not exactly?

That sounds better than what I was trying to do since I wasn't sure how to get the users on the "home" controller when they'd never actually roamed from it to the foreign controllers.  Thanks!


