Wireless Access

last person joined: 6 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Two different svi's on the same controller?

This thread has been viewed 0 times

  • 1.  Two different svi's on the same controller?

    Posted Oct 29, 2018 03:12 PM

    Hello all, 

     

    I was wondering if the Aruba controller will allow to configure two separate svi's on the same controller? How would it handle the two separate default gateways? The svi's will have to be reachable throu their own physical ports - G0/0/0 (internal) G0/0/1 (DMZ) 

     

    A little bit of history: 

    I want to be able to logically split the controller - one port will have an internal IP address and the second port will have an IP in the DMZ (anchor controller for guest remote guess traffic).  I need to configure a layer 2 gre tunnel from a remote controller for guess non-routable traffic - only thru the gre tunnel.  

     

    Thank you in advance for your replies.  

     

    Cheers!  



  • 2.  RE: Two different svi's on the same controller?
    Best Answer

    EMPLOYEE
    Posted Oct 29, 2018 06:18 PM
    @MLG13 wrote:

    Hello all, 

     

    I was wondering if the Aruba controller will allow to configure two separate svi's on the same controller? How would it handle the two separate default gateways? The svi's will have to be reachable throu their own physical ports - G0/0/0 (internal) G0/0/1 (DMZ) 

     

    A little bit of history: 

    I want to be able to logically split the controller - one port will have an internal IP address and the second port will have an IP in the DMZ (anchor controller for guest remote guess traffic).  I need to configure a layer 2 gre tunnel from a remote controller for guess non-routable traffic - only thru the gre tunnel.  

     

    Thank you in advance for your replies.  

     

    Cheers!  

    A controller can have multiple SVIs configured, one for each VLAN configured on the controller. I don't think that's what you're asking though.

     

    There is a single routing table for a controller, so there won't be two default routes pointing two different directions, unless one is a failover used when a physical interface goes down.

     

    For the layer 2 GRE, then anchor controller needs to handle the routing. The anchor controller can have a default route pointing to the Internet uplink, with more specific routes (either static or dynamic) for getting the anchor controller routes to the inside controllers for tunnel setup.



  • 3.  RE: Two different svi's on the same controller?

    Posted Oct 30, 2018 11:02 AM

    I know, the more I think about it, I don't think it would be possible to "logically" separate one controller in two.  



  • 4.  RE: Two different svi's on the same controller?

    EMPLOYEE
    Posted Oct 30, 2018 11:07 AM

    Do you want to have different default gateways for (1) controller traffic and (2) guest traffic, you should use PBR or Policy-Based Routing:

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-a-router-ACL-for-PBR/ta-p/234519

     

    tl;dr, the Controller routing stays the same and you change the routing for the guest traffic via the role that the guest ends up in.