Wireless Access

Hi,

I am running mobility master 8.2 and 2 x controllers with bunch of access points.

I have been asked to deploy a split tunnel on new SSID for corporate traffic so they can access local resource and for Guest normal tunnel with DMZ.

I have been also asked to explore the opprtunity for IAP Cluster on bigger sites which are manged by Mobility Master.

I am new to Mobility Master GUI. I could have done easily split tunnel with normal controller by setting up the AP provile and wired profile but in Mobility master I can't see the options and I can't figure out as well.

Can some one please help me or guid me to the documentation or videos which can help me to setup the split tunnel and also IAP Cluster mangaement vi MM.

Thanks,

Nilay.

How many access points will be at those remote sites?  If it is more than one, an Instant AP cluster makes more sense.  Split tunneling source-nats traffic that is not going back to the corporate network, so roaming will break a split tunneled SSID.

A split tunneled SSID can only be configured on a Remote AP.

If you are doing an Instant Cluster, you would have to create an IAP-VPN between the cluster and the controller to get traffic back to the headend.  If all of your traffic at that site is routable to the corporate network, you probably do not need an IAP-VPN split tunneling, because it would be routable and addressable to the headend..

Current requirement is to have camps AP to perform corporate traffic on local LAN so split tunnel or bridge and guest to internet. 

I have couple of sites with and tier 1 site has around 20 AP. 

IAP cluter which can be manged vi Mobility Master was just a google serach but there is nothing to show how to configure the same. so that is nice to find out if that helps in this scenario or I am happy with Campus AP. 

Split tunneling is designed ONLY for sites connected to the internet, but do not have any other way to get back to the corporate network.  It is not for Campus locations that otherwise have a route back to corporate via site to site VPN or regular routing.

In a regular network, where there majority of client traffic is to centralized resources away from the site such as email, web servers, file servers, etc., you would have a tunneled SSID.  Traffic between sites and the corporate network would typically be fast.  There would be minimal traffic that needs to stay local for things like printing.

In the use case where there are significant local resources, and the majority of traffic destination is at that site (email on site, file servers on site, web servers on site, etc.) it is advised to just have Aruba Instant, where traffic would be bridged locally.

If you could, I would engage an Aruba partner to design the network properly so that you get the right fit for your environment early on.

Can you manage an IAP cluster with a mobility master or is that feature forthcoming?