----- "Mahabub Alam" <[EMAIL PROTECTED]> wrote: | I was just wondering if anybody has deployed CCA in controller based | (specifically Aruba controllers) WLAN environment. If you have, I | would really appreciate if you can share some design details and | configuration examples. Specifically I would like to know how to force | wireless users (from a specific SSID) to CCA server in an Aruba | centric wireless environment.
We're using Aruba WLAN controllers with CCA for non-802.1x wireless clients. The CCA server has to be in-band for wireless as far as I know. Configure the in-band CCA server to be in "Real-IP Gateway" mode. Create a VLAN for each wireless SSID you'd like to keep separated from each other. There is nothing stopping you from using the same VLAN for multiple SSIDs but thats probably not what you want. On the CCA in-band server define interfaces for these VLANs and have the CCA server be the layer 3 default gateway for the VLANs. On the Aruba side configuration is trivial. Push the VLANs you created for the various SSIDs to the controller (your controller is VLAN trunked, right?) and make sure the controller has the appropriate "vlan" definitions in the configuration. You can tell the Aruba gear to put all traffic from SSID "foo" on vlan 99 with something like: wlan virtual-ap "Foo" ssid-profile "Foo" vlan 99 [... snip ...] For larger wireless deployments with hundreds or thousands of concurrent users on the same SSID you may wish to create a number of VLANs and let the Aruba gear split up the clients between the various VLANs: wlan virtual-ap "Foo" ssid-profile "Foo" vlan 99-103 [... snip ...] Getting 802.1x working (and considering if we're staying on CCA in the long term) is on my to-do list for "before the fall semester begins". I'd love to hear from 802.1x users not on Cisco's AP gear that got the radius accounting packet SSO method working. I haven't tried it yet and I'm fearing having to rewrite or proxy the RADIUS packets on their way to the CCA servers. -- Bruce A. Locke [EMAIL PROTECTED] HAB 50 - (845) 257-3809 Network Administrator Computer Services State University of New York at New Paltz
