Wireless Access

Hello,

I'm starting to read information about aruba cloud and AOS10, and I would need a clarification. I don't have clear when I should include Aruba Gateways in my design. I'd like to create an infrastructure without WLAN controllers or gateways, only APs. Right now I have 20 WLAN controllers and 1100 APs deployed in 12 sites. I would like to manage my APs and my core and access switches from Aruba Central. What would be the limitations with the bridge mode? Am I going to loose some features from my current design?

Thanks in advance.



------------------------------
tech_sec
------------------------------

Bridge mode drops client traffic off on the APs switchport. If you are putting a client on VLAN 50 for example, you would need to tag that VLAN on the APs switchport. Using gateways will allow you to tunnel the traffic to the gateway, and drop the client traffic off on a port connected to the gateway. For example, it is best practice to drop guest clients off onto a VLAN in a DMZ. It is much easier and safer to position the gateway near your DMZ network in the datacenter that to stretch the DMZ VLAN out to each AP port. In AOSv10 you are able to select what traffic to tunnel back to the gateway. It can be on a per SSID basis or on a per client basis. If you already have an investment in controllers/gateways, then it makes sense to use them for at least the case I mentioned.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Jul 01, 2022 08:53 AM
From: Abraham Lopez
Subject: Aruba Cloud - AOS10 Bridge model

Hello,

I'm starting to read information about aruba cloud and AOS10, and I would need a clarification. I don't have clear when I should include Aruba Gateways in my design. I'd like to create an infrastructure without WLAN controllers or gateways, only APs. Right now I have 20 WLAN controllers and 1100 APs deployed in 12 sites. I would like to manage my APs and my core and access switches from Aruba Central. What would be the limitations with the bridge mode? Am I going to loose some features from my current design?

Thanks in advance.



------------------------------
tech_sec
------------------------------

Thanks a lot Dustin for your help. I have some questions after reading your post. I want to delete or decrease the number of WLAN controllers, I could use only two gateways and host them in the DC, then I could tunnel only the guest SSID to them and bridge all other SSIDs, but... what would happen if these two gateways go down, could these APs distributed on all these affiliates providing service to the clients anyway?

------------------------------
tech_sec
------------------------------

Original Message:
Sent: Jul 01, 2022 08:58 AM
From: Dustin Burns
Subject: Aruba Cloud - AOS10 Bridge model

Bridge mode drops client traffic off on the APs switchport. If you are putting a client on VLAN 50 for example, you would need to tag that VLAN on the APs switchport. Using gateways will allow you to tunnel the traffic to the gateway, and drop the client traffic off on a port connected to the gateway. For example, it is best practice to drop guest clients off onto a VLAN in a DMZ. It is much easier and safer to position the gateway near your DMZ network in the datacenter that to stretch the DMZ VLAN out to each AP port. In AOSv10 you are able to select what traffic to tunnel back to the gateway. It can be on a per SSID basis or on a per client basis. If you already have an investment in controllers/gateways, then it makes sense to use them for at least the case I mentioned.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Jul 01, 2022 08:53 AM
From: Abraham Lopez
Subject: Aruba Cloud - AOS10 Bridge model

Hello,

I'm starting to read information about aruba cloud and AOS10, and I would need a clarification. I don't have clear when I should include Aruba Gateways in my design. I'd like to create an infrastructure without WLAN controllers or gateways, only APs. Right now I have 20 WLAN controllers and 1100 APs deployed in 12 sites. I would like to manage my APs and my core and access switches from Aruba Central. What would be the limitations with the bridge mode? Am I going to loose some features from my current design?

Thanks in advance.



------------------------------
tech_sec
------------------------------

No you would need to change the forwarding for the Guest SSID if the tunnel endpoints (gateways) are down.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos
------------------------------

Original Message:
Sent: Jul 01, 2022 09:27 AM
From: Abraham Lopez
Subject: Aruba Cloud - AOS10 Bridge model

Thanks a lot Dustin for your help. I have some questions after reading your post. I want to delete or decrease the number of WLAN controllers, I could use only two gateways and host them in the DC, then I could tunnel only the guest SSID to them and bridge all other SSIDs, but... what would happen if these two gateways go down, could these APs distributed on all these affiliates providing service to the clients anyway?

------------------------------
tech_sec

Original Message:
Sent: Jul 01, 2022 08:58 AM
From: Dustin Burns
Subject: Aruba Cloud - AOS10 Bridge model

Bridge mode drops client traffic off on the APs switchport. If you are putting a client on VLAN 50 for example, you would need to tag that VLAN on the APs switchport. Using gateways will allow you to tunnel the traffic to the gateway, and drop the client traffic off on a port connected to the gateway. For example, it is best practice to drop guest clients off onto a VLAN in a DMZ. It is much easier and safer to position the gateway near your DMZ network in the datacenter that to stretch the DMZ VLAN out to each AP port. In AOSv10 you are able to select what traffic to tunnel back to the gateway. It can be on a per SSID basis or on a per client basis. If you already have an investment in controllers/gateways, then it makes sense to use them for at least the case I mentioned.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Jul 01, 2022 08:53 AM
From: Abraham Lopez
Subject: Aruba Cloud - AOS10 Bridge model

Hello,

I'm starting to read information about aruba cloud and AOS10, and I would need a clarification. I don't have clear when I should include Aruba Gateways in my design. I'd like to create an infrastructure without WLAN controllers or gateways, only APs. Right now I have 20 WLAN controllers and 1100 APs deployed in 12 sites. I would like to manage my APs and my core and access switches from Aruba Central. What would be the limitations with the bridge mode? Am I going to loose some features from my current design?

Thanks in advance.



------------------------------
tech_sec
------------------------------

Got it Dustin. Thank you.

But...if we forgot the chance of locate the gateways into the DMZ for the GUEST network, what advantages am I going to have using these gateways? I'm sorry to insist about this idea but it's something important for me, to be able of delete gateways or controllers from the network.

------------------------------
tech_sec
------------------------------

Original Message:
Sent: Jul 01, 2022 10:45 AM
From: Dustin Burns
Subject: Aruba Cloud - AOS10 Bridge model

No you would need to change the forwarding for the Guest SSID if the tunnel endpoints (gateways) are down.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Jul 01, 2022 09:27 AM
From: Abraham Lopez
Subject: Aruba Cloud - AOS10 Bridge model

Thanks a lot Dustin for your help. I have some questions after reading your post. I want to delete or decrease the number of WLAN controllers, I could use only two gateways and host them in the DC, then I could tunnel only the guest SSID to them and bridge all other SSIDs, but... what would happen if these two gateways go down, could these APs distributed on all these affiliates providing service to the clients anyway?

------------------------------
tech_sec

Original Message:
Sent: Jul 01, 2022 08:58 AM
From: Dustin Burns
Subject: Aruba Cloud - AOS10 Bridge model

Bridge mode drops client traffic off on the APs switchport. If you are putting a client on VLAN 50 for example, you would need to tag that VLAN on the APs switchport. Using gateways will allow you to tunnel the traffic to the gateway, and drop the client traffic off on a port connected to the gateway. For example, it is best practice to drop guest clients off onto a VLAN in a DMZ. It is much easier and safer to position the gateway near your DMZ network in the datacenter that to stretch the DMZ VLAN out to each AP port. In AOSv10 you are able to select what traffic to tunnel back to the gateway. It can be on a per SSID basis or on a per client basis. If you already have an investment in controllers/gateways, then it makes sense to use them for at least the case I mentioned.

------------------------------
Dustin Burns

Lead Mobility Engineer @Worldcom Exchange, Inc.

ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos

Original Message:
Sent: Jul 01, 2022 08:53 AM
From: Abraham Lopez
Subject: Aruba Cloud - AOS10 Bridge model

Hello,

I'm starting to read information about aruba cloud and AOS10, and I would need a clarification. I don't have clear when I should include Aruba Gateways in my design. I'd like to create an infrastructure without WLAN controllers or gateways, only APs. Right now I have 20 WLAN controllers and 1100 APs deployed in 12 sites. I would like to manage my APs and my core and access switches from Aruba Central. What would be the limitations with the bridge mode? Am I going to loose some features from my current design?

Thanks in advance.



------------------------------
tech_sec
------------------------------