Aruba Networks Version 3.3 manual Vlan Design


production AP load. By contrast, Aruba supports up to 2,048 campus-connected APs and 8,192 Remote APs per controller, which makes a 1:1 redundancy model feasible for the largest campus deployments.

With a properly implemented distribution layer, this Active-Active Local Controller design with VRRP at the Aggregation layer features full redundancy while offering performance advantages by load balancing during normal operation. This form of redundancy is superior to an N+1 design with a dedicated backup controller for the following three reasons:

• The network is already redundant – A properly implemented distribution layer has redundant links between access layer switches and core routers. If any link other than the ones to the Aruba Controllers fails, the system is already designed to route around that failure. Maintaining redundant links or having the Mobility Controllers ‘straddle’ between distribution layer switches does not add any additional reliability.

• Loss of two controllers means a full network outage – Two Local controllers with physically isolated data connections on separate, redundant power sources are already protected against a majority of common failure modes. If both controllers lose power or link simultaneously, it would most likely affect many more network components, resulting in a complete network outage no matter how many redundant Local Controllers are available.

• Better use of capital – In an N+1 design scenario at least one fully licensed Mobility Controller must always be sitting idle awaiting a network failure. Using Aruba’s Active-Active capability allows both Local Controllers to terminate APs and enforce policies and user roles within the network, while providing hot backup for other members of the cluster.
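The Active-Active design above only delivers 1:1 redundancy if the surviving Local Controller can terminate every AP on its own. The following added example (not taken from the Aruba guide) models two VRRP instances with mirrored priorities and checks the AP load after each single-controller failure against the 2,048 campus AP limit quoted earlier. Controller names, priorities and AP counts are constructed, and VRRP is simplified to "highest-priority live member owns the virtual IP".

```python
# Added example: failover check for an Active-Active pair using two VRRP instances.
# All names, priorities and AP counts are constructed for illustration.
CAMPUS_AP_LIMIT = 2048  # per-controller campus AP limit stated in the text

# Each VRRP instance: controller -> priority. The second controller mirrors the first.
VRRP = {
    "vrrp-1": {"local-1": 110, "local-2": 100},
    "vrrp-2": {"local-1": 100, "local-2": 110},
}
# Constructed AP counts terminating on each instance's virtual IP.
APS_PER_INSTANCE = {"vrrp-1": 900, "vrrp-2": 1000}


def vrrp_master(priorities, failed):
    """Return the live controller with the highest priority, or None."""
    live = {c: p for c, p in priorities.items() if c not in failed}
    return max(live, key=live.get) if live else None


def ap_load(failed=frozenset(), vrrp=VRRP, aps=APS_PER_INSTANCE):
    """Map controller -> APs it terminates; key None holds stranded APs."""
    load = {}
    for instance, priorities in vrrp.items():
        owner = vrrp_master(priorities, failed)
        load[owner] = load.get(owner, 0) + aps[instance]
    return load


def check_design(vrrp=VRRP, aps=APS_PER_INSTANCE, limit=CAMPUS_AP_LIMIT):
    """Return a list of problems across normal operation and each single failure."""
    controllers = sorted({c for p in vrrp.values() for c in p})
    problems = []
    for failed in [frozenset()] + [frozenset([c]) for c in controllers]:
        label = "normal" if not failed else "loss of " + ",".join(sorted(failed))
        for owner, count in ap_load(failed, vrrp, aps).items():
            if owner is None:
                problems.append(f"{label}: {count} APs have no controller")
            elif count > limit:
                problems.append(f"{label}: {owner} carries {count} APs, limit {limit}")
    return problems


if __name__ == "__main__":
    print(ap_load())                        # both controllers share the load
    print(ap_load(frozenset(["local-1"])))  # survivor takes everything
    print(check_design() or "design holds for every single-controller failure")
```

With the constructed counts, each controller runs below half of the limit in normal operation, so either one can absorb the full 1,900 APs; raising either count until the sum exceeds 2,048 makes the check report the overloaded survivor.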

VLAN Design

When performing VLAN planning it helps to remember that VLANs are used in two logically different places on an Aruba Mobility Controller at the Aggregation layer. The first is the AP access side of the controller, where APs will terminate their GRE tunnels. These VLANs carry encrypted traffic back and forth between APs and the Controllers. The second is the user access side, where user VLANs will exist and where traffic to and from the user will flow. During authentication, a process called ‘role derivation’ assigns the proper VLAN to each user and forwards traffic to the wired network if allowed.

The user and access VLANs can also be visualized separately. In the first diagram below, the AP uses VLAN 100 for access. This represents the physical connection of the AP to the network.

[Diagram: AP connected to the Local Mobility Controller over access VLAN 100]

28 Mobility Controller and Access Point Deployment

Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide
