aruba wlans 101 and design fundamentals tim...
TRANSCRIPT
![Page 1: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/1.jpg)
#ATM15 |
ARUBA WLANS 101 AND DESIGN FUNDAMENTALS
Tim Cappalli March 2015
@ArubaNetworks
![Page 2: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/2.jpg)
2 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• Sr. Mobility Solutions Architect Wireless Practice Lead
• Boston, MA • Airheads Community: cappalli • Favorite product? ClearPass
About Me
@ArubaNetworks
@tcappy0707 about.me/timcappalli
![Page 3: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/3.jpg)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
3 #ATM15 |
Agenda
• Mobility controller architecture • Aruba Instant architecture • RAP-NG / IAP-VPN • Management platforms – Aruba Central – AirWave
• Discussion & Questions
@ArubaNetworks
![Page 4: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/4.jpg)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
4 #ATM15 |
Deployment types
• Mobility Controller: Master-local • Mobility Controller: All masters • Instant • Instant: RAP-NG • Hybrid! (all of the above, mix and match)
@ArubaNetworks
![Page 5: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/5.jpg)
5 #ATM15 |
Mobility Controller Architecture
@ArubaNetworks
![Page 6: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/6.jpg)
6 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Mobility Controller Family
@ArubaNetworks
256 APs 4,096 IPSec
512 APs 16,384 IPSec
1,024 APs 24,576 IPSec
2,048 APs 32,768 IPSec
7200 SERIES
![Page 7: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/7.jpg)
7 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Mobility Controller Family
@ArubaNetworks
CLOUD SERVICES CONTROLLERS
16 APs Can be powered via PoE
64 APs
32 APs 10 PoE+
![Page 8: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/8.jpg)
8 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Mobility Controller Family
@ArubaNetworks
CLOUD SERVICES CONTROLLERS
32 APs, 24 PoE+, 2x10G
![Page 9: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/9.jpg)
9 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Campus physical topology
@ArubaNetworks
Master backup
Master active
Local Controller Local Controller
Datacenter Datacenter
EDGE EDGE EDGE
![Page 10: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/10.jpg)
10 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Campus logical topology
@ArubaNetworks
Master standby
Master active
Local Controller Local Controller
IPSEC
GRE PRIMARY
GRE STANDBY
![Page 11: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/11.jpg)
11 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
L2 Deployment
@ArubaNetworks
Core/Distribution Switch
Controller
Tagged link
MGMT 30 10.200.30.1
CORP CLIENTS 31 10.200.31.1
BYOD CLIENTS 32 10.200.32.1
GUEST 33 10.200.33.1
30 10.200.30.5
31
32
33 10.200.33.5
BYOD Client
DNS / DHCP
IP 10.200.33.51 GW 10.200.33.1
IP HELPER
![Page 12: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/12.jpg)
12 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
L3 Deployment
@ArubaNetworks
WAN/Core/Distribution Router
TRANSIT 254 10.200.254.2/30
LOOPBACK lo 10.200.30.1
CORP CLIENTS 31 10.200.31.1
BYOD CLIENTS 32 10.200.32.1
GUEST 33 10.200.33.1
BYOD Client
DNS / DHCP
Controller
IP 10.200.33.51 GW 10.200.33.1
Transit link
10.200.254.1/30
![Page 13: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/13.jpg)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
13 #ATM15 |
Master controller responsibilities
• Policy configuration • Wireless security (WIPS / RFProtect) • AP white lists (CAPs w/ CPsec and RAPs) • Initial AP configuration • Authentication and roles
@ArubaNetworks
![Page 14: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/14.jpg)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
14 #ATM15 |
Local controller responsibilities
• AP and session termination – Terminates AP tunnels – User traffic processed and forwarded
• RFProtect enforcement and blacklisting • ARM • Mobility • QoS
@ArubaNetworks
![Page 15: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/15.jpg)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
15 #ATM15 |
Controller scaling
• Controller scaling table (VRD) • The important numbers – AP capacity – User/device capacity << important! – Tunnel capacity
• WMS scaling for master controller – Master controller may need to be larger than the locals depending
on the environment
@ArubaNetworks
![Page 16: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/16.jpg)
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
16 #ATM15 |
Controller scaling
• Platform – 7000 series (7005/7010/7024/7030) should only be used as local
controllers* – 7200 series should be master for multiple 7000 locals
• Failover capacity
@ArubaNetworks
![Page 17: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/17.jpg)
17 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• Tunnel • Bridge • Decrypt-tunnel
• Configured per virtual-ap and per ethernet interface • Choose based on network topology and
requirements
Campus Forwarding Modes
@ArubaNetworks
![Page 18: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/18.jpg)
18 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• All traffic is tunneled back to controller • User VLANs live in controller • Wired network is a high-speed overlay network • User traffic passes through stateful firewall and deep
packet inspection engine (*on 7 series controllers)
Tunnel
@ArubaNetworks
![Page 19: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/19.jpg)
19 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• User traffic bridged out to local network • User VLANs live in edge network • Authentication traffic tunneled to controller • Control plane security (cpsec) required • Captive portal authentication is not supported
Bridge
@ArubaNetworks
![Page 20: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/20.jpg)
20 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• User VLANs live in controller • AP decrypts traffic and strips 802.11 headers • AP adds 802.3 headers and frame is encapsulated in
GRE tunnel to controller • Controller applies firewall policies to traffic • Solves double-encryption issues when using a VPN • Control plane security (cpsec) required
Decrypt-tunnel (d-tunnel)
@ArubaNetworks
![Page 21: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/21.jpg)
21 21 #ATM15 |
Campus Redundancy
@ArubaNetworks
![Page 22: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/22.jpg)
22 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Master-Local Redundancy
@ArubaNetworks
Standby Master Local 1
Local 2
Local 1
Local 2
Local
Master
Master
Master Local
Local n
Local n
Master
Fully Redundant
Redundant Aggregation
Hot Standby
No Redundancy
![Page 23: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/23.jpg)
23 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
HA: AP Fast Failover
@ArubaNetworks
GRE STANDBY GRE
ACTIVE
AOS 6.3+
![Page 24: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/24.jpg)
24 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
HA: AP Fast Failover
@ArubaNetworks
GRE ACTIVE
AOS 6.3+
![Page 25: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/25.jpg)
25 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
AP FF: Controller Roles
• DUAL: Primary for some APs, standby for others • ACTIVE: Controller does not terminate standby
tunnels for other controllers • STANDBY: Controller only terminates standby
tunnels
@ArubaNetworks
![Page 26: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/26.jpg)
26 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
AP FF: N+1 Oversubscription
@ArubaNetworks
Controller Platform Ratio Max GRE tunnels 7000-series (70-05/10/24/30) 1:1 --
7210 4:1 16K 7220 4:1 32K 7240 4:1 64K M3 & 3600 2:1 16K
AOS 6.4+
![Page 27: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/27.jpg)
27 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
VRRP Failover (L2)
@ArubaNetworks
LMS-IP: 172.16.100.5
172.16.100.2 VRRP MASTER
172.16.100.5 VIRTUAL IP
172.16.100.3 VRRP BACKUP
GRE TUNNEL SRC-IP <AP>
DST-IP: 172.16.100.5
![Page 28: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/28.jpg)
28 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
VRRP Failover (L2)
@ArubaNetworks
LMS-IP: 172.16.100.5
172.16.100.5 VIRTUAL IP
172.16.100.3 VRRP MASTER
GRE TUNNEL SRC-IP <AP>
DST-IP: 172.16.100.5
AP RE-BOOTSTRAPS
![Page 29: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/29.jpg)
29 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Backup-LMS (L3)
@ArubaNetworks
LMS-IP: 172.16.100.2 BACKUP LMS-IP: 10.50.20.2
172.16.100.2 10.50.20.2
GRE TUNNEL SRC-IP <AP>
DST-IP: 172.16.100.2
![Page 30: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/30.jpg)
30 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Backup-LMS (L3)
@ArubaNetworks
LMS-IP: 172.16.100.2 BACKUP LMS-IP: 10.50.20.2
172.16.100.2 10.50.20.2
GRE TUNNEL SRC-IP <AP>
DST-IP: 10.50.20.2
AP REBOOTS
![Page 31: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/31.jpg)
31 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Remote AP (RAP)
@ArubaNetworks
![Page 32: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/32.jpg)
32 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Remote AP (RAP)
• Purpose-built RAPs and campus APs • Certificate-based provisioning • Secure wired and wireless remote access • RAPs are Instant out of the box • Aruba Activate
@ArubaNetworks
![Page 33: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/33.jpg)
33 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Remote AP
@ArubaNetworks
INTERNET
![Page 34: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/34.jpg)
34 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
IPSEC TUNNEL
Remote AP - Logical
@ArubaNetworks
INTERNET
rap.arubanetworks.com
MAC-ETH0 24:DE:C6:CB:4A:F0 SERIAL BZ0030536
PROVISIONING TYPE IAP TO RAP
AP GROUP Boston-RAP
CONTROLLER rap.arubanetworks.com
24:DE:C6:CB:4A:F0 | BZ0030536
ACTIVATE
![Page 35: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/35.jpg)
35 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• Tunnel • Bridge • Decrypt-tunnel • Split-tunnel
RAP Forwarding Modes
@ArubaNetworks
![Page 36: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/36.jpg)
36 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• Tunnels certain traffic back to controller via IPSec tunnel (defined in user roles)
• Allows non-corporate traffic to be bridged out locally saving bandwidth.
• RAP handles encryption, decryption and firewall enforcement locally
Split-tunnel
@ArubaNetworks
![Page 37: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/37.jpg)
37 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Limitations
• Roaming • ARM features • Requires controller licenses • Limited visibility
@ArubaNetworks
![Page 38: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/38.jpg)
38 #ATM15 |
Aruba Instant Architecture
@ArubaNetworks
![Page 39: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/39.jpg)
39 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• AP model begins with the letter I – IAP-225, IAP-215, IAP-205, etc
• Instant APs can be converted to controller-based APs • No feature licensing with local management • Manage locally, via AirWave, or Aruba Central (cloud) • Dynamic provisioning via Aruba Activate (free)
Aruba Instant Overview
@ArubaNetworks
![Page 40: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/40.jpg)
40 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
• Cooperate locally at L2 • Multiple uplink options (Ethernet, 4G/LTE, WiFi) • ARM, ClientMatch, AppRF, AirGroup, L3 Mobility • IAP-VPN/RAP-NG for distributed environments
Aruba Instant Overview - Technical
@ArubaNetworks
![Page 41: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/41.jpg)
41 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Instant topology
@ArubaNetworks
INTERNET
VC
![Page 42: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/42.jpg)
42 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Instant traffic flow
• Traffic destined for tunnels goes through VC • NAT’d traffic (guest) goes through VC • Regular user traffic firewalled, processed and
switched out at AP
@ArubaNetworks
![Page 43: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/43.jpg)
43 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Instant traffic flow
@ArubaNetworks
INTERNET
VC [10] 20,30 [10] 20,30
VC IP: 172.16.10.5 AP IP: 172.16.10.10 AP IP: 172.16.10.11
Client IP: 172.16.20.10 www.google.com
![Page 44: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/44.jpg)
44 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Instant traffic flow – Guest/NAT
@ArubaNetworks
INTERNET
VC [10] 20,30 [10] 20,30
VC IP: 172.16.10.5 AP IP: 172.16.10.10 AP IP: 172.16.10.11
Client IP: 172.31.98.42
Internal IAP Guest Network “Magic VLAN” 3333
172.31.98.x Src-NAT’d with VC address www.google.com
![Page 45: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/45.jpg)
45 #ATM15 |
RAP-NG / IAP-VPN
@ArubaNetworks
![Page 46: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/46.jpg)
46 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
RAP-NG / IAP-VPN Topology
@ArubaNetworks
Master active
Master backup
Master active
Master backup
Site 1
VC
Site 2
VC
Site 3
VC
INTERNET
Datacenter 1 Datacenter 2
![Page 47: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/47.jpg)
47 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Benefits
• Local RF coordination • Roaming • Isolated broadcast domains for each cluster • Authentication survivability • MAS integration
@ArubaNetworks
![Page 48: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/48.jpg)
48 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
DHCP modes
• Local • Centralized L2 • Distributed L2 • Centralized L3 • Distributed L3
@ArubaNetworks
![Page 49: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/49.jpg)
49 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
DHCP modes
@ArubaNetworks
DHCP MODE SUBNET DHCP CLIENT GW CORP TRAFFIC LCL/INTERNET
Local Local Master AP Master AP Src-NAT IPSec tunnel
Src-NAT Master AP IP
Centralized L2 CORP Datacenter Datacenter Tagged & switched to datacenter via tunnel
Src-NAT Master AP IP
Distributed L2 CORP Master AP Datacenter Tagged & switched to datacenter via tunnel
Src-NAT Master AP IP
Centralized L3 CORP Datacenter Master AP Routed to datacenter inside IPSec tunnel
Src-NAT Master AP IP
Distributed L3 CORP Master AP Master AP Routed to datacenter inside IPSec tunnel
Src-NAT Master AP IP
![Page 50: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/50.jpg)
50 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
RAP-NG/IAP-VPN licensing
• For basic VPN connectivity (single role), a single PEFNG license is required
• To use different roles for individual IAP clusters, the PEFV license is required for each controller
@ArubaNetworks
![Page 51: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/51.jpg)
51 51 #ATM15 |
Aruba Activate
@ArubaNetworks
![Page 52: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/52.jpg)
52 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Aruba Activate
@ArubaNetworks
![Page 53: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/53.jpg)
53 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Aruba Activate
@ArubaNetworks
![Page 54: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/54.jpg)
54 #ATM15 |
MANAGEMENT
@ArubaNetworks
![Page 55: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/55.jpg)
55 55 #ATM15 |
Aruba Central
@ArubaNetworks
![Page 56: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/56.jpg)
56 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Aruba Central Overview
• Cloud management for Instant and MAS • ZTP with Aruba Activate • Firmware management • Reporting • Responsive UI (adaptive to any display)* • AppRF management and visibility* • Cloud captive portal w/ social*
@ArubaNetworks
* Central 2.0 – Coming Soon
![Page 57: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/57.jpg)
57 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Aruba Central
@ArubaNetworks
![Page 58: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/58.jpg)
58 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Aruba Central
@ArubaNetworks
![Page 59: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/59.jpg)
59 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Aruba Central
@ArubaNetworks
![Page 60: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/60.jpg)
60 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Aruba Central
@ArubaNetworks
![Page 61: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/61.jpg)
61 61 #ATM15 |
AirWave
@ArubaNetworks
![Page 62: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/62.jpg)
62 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
AirWave Overview
• On-premise solution (VM or physical) • Management, monitoring and reporting of Aruba
controllers, Instant clusters, and MAS • Multi-vendor • In a hybrid controller-Instant environment,
AirWave recommended • Single pane of glass
@ArubaNetworks
![Page 63: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/63.jpg)
63 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Single pane of glass
@ArubaNetworks
![Page 64: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/64.jpg)
64 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Instant GUI config
@ArubaNetworks
![Page 65: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/65.jpg)
65 #ATM15 |
Discussion & Questions
@ArubaNetworks
![Page 66: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/66.jpg)
66 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
arubanetworks.com/vrd
@ArubaNetworks
![Page 67: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/67.jpg)
67 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved
#ATM15 |
Transition Content
Other resources
@ArubaNetworks
In-depth Wireless Architecture cwnp.com
![Page 68: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/68.jpg)
THANK YOU
68 #ATM15 | @ArubaNetworks
![Page 69: ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim ...community.arubanetworks.com/aruba/attachments/aruba...2015/03/01 · #ATM15 | ARUBA WLANS 101 AND DESIGN FUNDAMENTALS Tim Cappalli March](https://reader034.vdocuments.net/reader034/viewer/2022050418/5f8e2cfb1c0dc8408d500acf/html5/thumbnails/69.jpg)
69 #ATM15 | @ArubaNetworks