ArubaOS 10 Series - Part 4 - Adding CX switch to Central and config of tunnel/mixed mode SSID.
- Published 16 Sep 2024
- In this video I am going to show you how to add an Aruba CX switch to Aruba Central while keeping its existing configuration. Then we are going to configure both a tunnel mode and a mixed mode SSID and show how to tunnel clients to a gateway and, in the case of mixed mode, how to bridge one client and tunnel the other.
⏰Timestamps:
00:22 Adding Aruba CX switches to GLCP
01:02 Add device to GLCP and apply subscription
02:16 View switch in Central and move group (retain CX switch configuration)
03:36 Switch GUI and MultiEdit configuration
04:18 Assign switch to site
05:08 Network diagram
06:18 Configuration of tunnel mode SSID
08:03 Configuration of VLANs on switch
08:40 Configuration of VLANs on gateways
09:21 View GRE tunnels in L3 router/firewall
10:00 Show clients in Central
11:10 View gateway cluster in Central
11:48 View access tracker in ClearPass
12:02 Interesting commands in CLI of AP
12:47 Configuration of mixed mode SSID
Thank you John,
Everyone who is considering using tunnel mode with Cloud Guest, be aware that MAC caching won't work (told by TAC).
2:39 shift group and retain configuration.
Why was a static IP address set on VLAN 1 if we already had a sys-IP on vlan 4000?
Many thanks John, why do you use a separate IP 172.20.20.x for System IP and not the VLAN 1 IP? Is this Best Practice?
He provisioned the gateways in the previous video. I would guess the system IP for the gateways must be static. VLAN 1 is just for provisioning devices (i.e. APs or downstream trunked switches) using DHCP (router is the DHCP server)
Do you have a video on how to configure snmpv3?
I'm wondering how tunnel traffic (VLAN 200) on 2 APs reaches the CX 6100.
It actually does not reach the CX6100 initially; it traverses the tunnel towards the gateway. It then egresses the gateway towards the LAN on VLAN 200; from there it is locally switched (in VLAN 200) or inter-VLAN routed (via router) or sent out the router edge toward the WAN/Internet.
What is bridge VLAN and tunnel VLAN? Is it Q-in-Q?
It is not QinQ, but tunneled means traffic is tunneled to a gateway and bridge means it comes out locally via the Ethernet interface of the device.
@jcmschaap Correct. The AP connects to a trunk port, where tagged traffic (i.e., bridge VLANs) is handed off to the CX6100 to be switched within their respective VLAN.
What is tunnel/mixed mode SSID?
Those are the forwarding modes that can be configured per SSID. In tunnel mode all client traffic is sent through a tunnel to a gateway and in mixed mode you decide per client what to do, tunnel the traffic or bridge out locally on the AP.
@jcmschaap Why will someone choose one over the other?
@anoano6598 In tunnel mode you have full control with the stateful firewall found in the gateway and you also centralize all VLANs in tunnel mode, and in bridge mode all client VLANs need to exist on every port the AP is connected to.
@anoano6598 Network segmentation. I have done this where I want to monitor traffic or I have guest traverse different paths than VLAN traffic trn corporate traffic. For example, contract SSID I bridge route it through a segment VRF out of a designated firewall/Internet. Think of zero trust as the reason for client traffic diversity.