Wireless Access

Reply
Guru Elite

Re: Split tunnel with Campus AP

Only if those 32 access points are in the same layer 2 vlan.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Re: Split tunnel with Campus AP

 


@Steffen wrote:
Is it right, that in bridge mode only 32 Access Points are supported?

@Steffen

as you know , the mode is linked to the VAP, that's way there are no limite to AP supported for any mode (tunneled, split-tunnel and bridged).

Regards


Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACCP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Guru Elite

Re: Split tunnel with Campus AP

The reason for an 32 AP limit for bridge mode is firewall synchronization:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/Does-an-AP-in-bridge-mode-support-firewall-session/ta-p/179504

 

- It is limited only to 32 APs that are in the same VLAN, because the firewall synchronization for clients is only shared to a maximum of 32 APs.

- If the number of APs that are broadcasting the bridged SSID in the same VLAN does not exceed 32, there is no real limit.

- Again, this is only for the scenario when there are 32 APs in the same VLAN, broadcasting the same bridged SSID.  

- Typically at a remote location, where you need to bridge traffic, it would not exceed 32 APS; you would have a controller

- At a location where there is a controller and it exceeds 32 APS, you would be operating in tunnel mode

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Split tunnel with Campus AP

If i dont use any firewall functionality, is it possible to disable firewall synchronization, in order to expand the max number of AP's in bridge mode?
Guru Elite

Re: Split tunnel with Campus AP

No sir.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Split tunnel with Campus AP

Ok, I was thinking something like this already. But, how it works this in tunnel mode? Is then the firewall instance on the controller?
Guru Elite

Re: Split tunnel with Campus AP

Yes. Tunnel mode does not have that limitation.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Split tunnel with Campus AP

Why? Behause the Firewall instance is on the controller and the synchronization is only on this?
Guru Elite

Re: Split tunnel with Campus AP

Yes. 95% of deployments tunnel traffic back to the controller. Not many bridge traffic. Of the ones that are bridged, it does not pass 32 APS often.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor I

Re: Split tunnel with Campus AP

I look forward to the day Aruba spends less effort making excuses for their lackings and instead direct that effort to debugging, documentation, facilitating customers requests.

 

Raouf,

I understand and respect your request. We have the same needs in certain areas of our campus. Be aware just because Aruba can't meet your needs in this area does not mean that your needs are not valid. 

 

We were able to accomplish a campus split-tunnel solution using Cisco's new distributed controller model (controller service built into access switches).

 

We use multiple vendors depending on how a vendor can meet OUR needs. Our needs do not change to facilitate any one vendors short-comings.

 

Good luck in finding a solution,

Fred

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: