I have a customer that has a RAP-5 connected at a branch office that provides access back to their corporate office.


The setup is as follows. Cable modem connected to RAP. RAP connected to network switch. Network switch out to PCs. The RAP-5 also broadcasts out corporate SSIDs. The RAP does a split tunnel and sends out all the Internet traffic to the cable modem and sends corporate 10.X.X.X traffic down the tunnel to the controller to home office. No problem. All set up and working great.


Customer wanted to add additional APs in the branch office to provide more wireless coverage. So we installed 2 AP-105s. The new APs can reach the controller via the RAP-5 and we provisioned them on the system. No problem.


The problem that I'm running into is that the new AP-105s are just like any other AP back at corporate and they tunnel everything back to the controller. Which means the Internet traffic on the new APs is going out the corporate Internet instead of doing the split tunnel like the RAP-5 is doing.


Is there a way to have these new APs send their Internet traffic towards the RAP-5 and do split tunnel like the RAP?

Having a Campus AP (CAP) behind a RAP is not officially supported by Aruba (AFAIK).  It may work, but it may not.  You will probably have MTU issues, since you would have a GRE tunnel inside a GRE tunnel inside an IPSec tunnel.  Your best bet would be an Instant cluster with an IPSec tunnel back to corporate.


You may be able to make the RAP -> CAP solution work by making the AP-105 a RAP as well and having it do split-tunnel.  A CAP cannot do split tunnel.

