Wireless Access

I haven't dug into the manuals yet as I wanted to see if this were possible before I devoted the hours to do so. Essentially I have several configuration type questions:

 

1 - With site to site VPNs on mobility controllers, if I had 3 or 4 sites, can they all VPN to one another without causing a loop? And if one went down the others could still communicate. A site to site VPN mesh if you will.

2. If, in this mesh, I have RAPs that report to site A, and site A goes down, is there a way to set fail over so that the RAPs would fail over to site B?

3. Essentially same as question 2 but with VIA VPN access.

 

So the scenario would be sites A, B, C and D all site to site VPN together to share development VLANS (VLANS 10, 20, 30 go to all sites, each site having endpoints on the respective VLANS). RAPs bring in several remote offices to access these VLANs. VIA VPNs also bring in remote users to these VLANs. Initially, RAPs and VIA VPNs connect through site A.

 

Godzilla rolls through and takes out site A. The RAPs and VPNs need to fail over to site B for access to the development VLANs. The military takes out Godzilla and power is restored to site A and it comes back online and can once again be the connection point for RAPs and VPNs.

 

So is this a reasonable configuration?

Anyone? Thoughts?

In general If you advertise more than one route to a controller, you would want to use a routing protocol like OSPF to advertise availability in a "mesh" network situation.
If you have remote APs for redundancy you would want to put two IP addresses in a dns record and point your RAPs to that fqdn.
For via, you would advertise two profiles to each user so if the first one doesn't work, users can use the second.

This is only general advice. you should engage a Aruba value-added reseller to help design and implement the specifics of a plan.