Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Build wireless network with two connections

  • 1.  Build wireless network with two connections

    Posted Aug 09, 2018 06:42 PM

    Hi to everyone 

    I have an infrastructure where the internet router is separated from the core switch. We don't want to connect the internet router to the core switch, but we want to connect the internal network and the internet router to the controller to create 2 SSIDs:

    1- guest, taking internet from the internet router

    2- internal network, from the core switch

    I would like to know if we can connect the internet router to the 1st port of the controller and the core switch to the 2nd port of the controller, and if we can, what will be the default gateway and how will the routing be between the 2 subnets?

     



  • 2.  RE: Build wireless network with two connections
    Best Answer

    EMPLOYEE
    Posted Aug 10, 2018 06:36 AM

    In general, customers look for isolation between corporate and guest users in this case, not routing between those. If you deploy in L2 mode, which is most common, an external router will be used to route traffic. You create (at least) two VLANs in this case, and connect the corporate SSID to the corporate VLAN to the corporate router/switch, and guest SSID to guest VLAN, to the guest router.

     

    There will be no routing between those networks, unless you create a route on the corporate router and guest router (probably via a firewall).

     

    If you do captive portal, you need to put an IP address on the controller guest VLAN; make sure with access-lists that the controller IP cannot be used to access the controller or services behind the controller.



  • 3.  RE: Build wireless network with two connections

    Posted Aug 10, 2018 06:48 AM

    By the way, the physical connection will only be at the controller; there is no other physical connection between them.

    Actually, we don't want to route between them. We want the external router to be isolated from the network, so we don't want to add routing in our infrastructure between them.

    If I configure the first port for the corporate VLAN and connect it to our core switch,

    and configure the second port for the external router and connect it to it,

     

    in this case there is routing so 

    1- Will both SSIDs work fine, and will corporate take from our DHCP server and guest take from the external router?

    2- If it doesn't work, do I have to add a route between them in the controller, and how would that be?

    I really appreciate it, thanks a lot.



  • 4.  RE: Build wireless network with two connections

    EMPLOYEE
    Posted Aug 10, 2018 11:08 AM

    @Turki wrote:

    in this case there is routing so 

    1- Will both SSIDs work fine, and will corporate take from our DHCP server and guest take from the external router?

    2- If it doesn't work, do I have to add a route between them in the controller, and how would that be?

    I really appreciate it, thanks a lot.


    In your example, there should not be any routing between the two networks. From your use-case:

     

    1st port configured for corporate VLAN and connected to core switch

    2nd port configured for guest and connected to an external router

     

    For simplicity, the first port is configured as an access port in VLAN1 with an IP address associated for management of the controller. The default router points to the corporate infrastructure. The corporate SSID places users in this VLAN (1). Because the corporate user is placed in VLAN 1, the corporate DHCP servers are used. Corporate users are layer 2 connected to the corporate infrastructure, without the controller acting as the default gateway for corporate users.

     

    The second port is configured as an access port for a dedicated VLAN, 600, and connected to the external router. There is no IP assigned to this interface on the controller. The guest SSID places users in this VLAN (600). Guest users will need DHCP provided by the external router. The external DHCP server will also provide external DNS information to clients, so there is no dependency on corporate servers. The external router is the default gateway for guest users. The guest VLAN 600 is layer 2 connected to the external router; there is no routing between guest and corporate users at the controller.
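
The port and VLAN layout described in the answer above, together with the earlier note about access-lists when the controller has an IP on the guest VLAN, can be checked against a controller configuration. This is an added example, not part of the thread and not Aruba tooling: a Python audit over a constructed, simplified ArubaOS-style configuration; the port numbers, host addresses and function names are assumptions.

```python
import ipaddress
import re

# Constructed sample (simplified ArubaOS-style syntax) modelled on the thread's design:
# VLAN 1 = corporate with the controller management IP, VLAN 600 = guest, layer 2 only.
SAMPLE_OK = """\
vlan 600
interface gigabitethernet 0/0/0
 switchport access vlan 1
interface gigabitethernet 0/0/1
 switchport access vlan 600
interface vlan 1
 ip address 20.1.1.10 255.255.255.0
ip default-gateway 20.1.1.1
"""
# Same config after a controller IP is added on the guest VLAN (e.g. for captive portal).
SAMPLE_L3_GUEST = SAMPLE_OK + "interface vlan 600\n ip address 192.168.1.2 255.255.255.0\n"

def parse(config):
    """Return (access VLAN per port, controller IP per VLAN, default gateway)."""
    ports, svis, gateway, ctx = {}, {}, None, None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):  # top-level command: reset interface context
            m = re.fullmatch(r"interface (gigabitethernet|vlan) (\S+)", s)
            ctx = m.groups() if m else None
        if (m := re.fullmatch(r"switchport access vlan (\d+)", s)) and ctx and ctx[0] == "gigabitethernet":
            ports[ctx[1]] = int(m.group(1))
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", s)) and ctx and ctx[0] == "vlan":
            svis[int(ctx[1])] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"ip default-gateway (\S+)", s):
            gateway = ipaddress.ip_address(m.group(1))
    return ports, svis, gateway

def audit(config, corp_vlan=1, guest_vlan=600):
    """Return findings where the config departs from the layer 2 guest design."""
    ports, svis, gateway = parse(config)
    findings = []
    if guest_vlan not in ports.values():
        findings.append("no access port carries the guest VLAN")
    if guest_vlan in svis:
        findings.append(f"controller has IP {svis[guest_vlan].ip} on guest VLAN; restrict it with access-lists")
    if gateway and not (corp_vlan in svis and gateway in svis[corp_vlan].network):
        findings.append("default gateway is not on the corporate VLAN")
    return findings

if __name__ == "__main__":
    for name, cfg in (("layer 2 guest", SAMPLE_OK), ("guest VLAN with IP", SAMPLE_L3_GUEST)):
        print(name, "->", audit(cfg) or "no findings")
```
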



  • 5.  RE: Build wireless network with two connections

    Posted Aug 10, 2018 12:36 PM

    Hi 

    Last question:

    The 1st port will be access to the internal network, for example subnet 20.1.1.0 255.255.255.0

    The 2nd port will be access for the external router, for example subnet 192.168.1.0 255.255.255.0

    What about the access points' IPs? If there is no routing between the 2 subnets, and the access points will serve the 2 SSIDs, whether we give the access points IPs from the guest subnet or the internal network subnet, how will we accomplish this task?

     

    thank you and best regards



  • 6.  RE: Build wireless network with two connections
    Best Answer

    EMPLOYEE
    Posted Aug 10, 2018 12:49 PM

    @Turki wrote:

    Hi 

    Last question:

    The 1st port will be access to the internal network, for example subnet 20.1.1.0 255.255.255.0

    The 2nd port will be access for the external router, for example subnet 192.168.1.0 255.255.255.0

    What about the access points' IPs? If there is no routing between the 2 subnets, and the access points will serve the 2 SSIDs, whether we give the access points IPs from the guest subnet or the internal network subnet, how will we accomplish this task?

     

    thank you and best regards


    Under normal operation, the Access Points know nothing about the VLANs that users are connected to.

     

    APs would be connected to your corporate infrastructure. They will create GRE tunnels to the controller for each SSID in use. The controller is responsible for connecting the user's data from the tunnel to the appropriate VLAN/network.