Most WLAN (Wireless Local Area Network) campus deployments typically have some remote branch site. ArubaOS 10 currently supports deploying a single AP as a Microbranch AP in remote sites such as home offices, small branch offices, retail locations, and so on.
ArubaOS 10 enables APs in these remote sites to be configured and managed by the Aruba cloud platform, also known as Aruba Central. ArubaOS 10 enables the APs to form an IPsec (Internet Protocol security) tunnel to the Gateway cluster of the parent WLAN campus. For the network administrator, configuring and managing these remote APs can be done from the same Aruba portal that manages the parent WLAN campus network. For the user at such remote sites, connecting to the WLAN campus network is a seamless experience.
The following figure is a sample representation of the ArubaOS 10 deployment in Microbranch. This architecture uses a WLAN tunnel orchestration service to set up IPsec and GRE (Generic Routing Encapsulation) tunnels between the AP and the Gateway cluster of the parent WLAN campus network. The Microbranch AP establishes tunnels with the Gateway and encapsulates client traffic in GRE over IPsec.
Figure 1 Microbranch Deployment
WLAN Tunnel Orchestration for Microbranch Deployments
The WLAN tunnel orchestration service in ArubaOS 10 Microbranch deployments automates the formation of IPsec tunnels between the APs of a remote site and the Gateway cluster of the parent WLAN network. Aruba supports IPsec tunnel configuration on APs for the following deployment scenarios:
- Full Tunnel: In this mode, the AP and Gateway cluster are managed by Aruba Central. The IPsec tunnels between the AP and Gateway cluster in a data center are orchestrated by the tunnel orchestration service. The DHCP (Dynamic Host Configuration Protocol) server in the data center assigns IP addresses to clients. The firewall rules and traffic shaping policies are applied from the AP, Gateway cluster, or both.
- Split Tunnel: In this mode, the administrators can configure a split-tunnel policy in the access rules and apply it to the user role in the WLAN SSID (Service Set Identifier). Based on the ACLs (Access Control Lists) configured for an SSID, client traffic to the corporate domain is tunneled to the Gateway in the data center and traffic to the non-corporate domain is forwarded to the Internet.
- Local Mode (NAT, Network Address Translation, Layer 3): In this mode, a local static DHCP pool is used for client IP address assignment. Source NAT is applied to both corporate and Internet traffic.
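An added example, not taken from Aruba documentation: a Python audit of a split-tunnel policy that reports corporate prefixes whose traffic would be forwarded to the Internet instead of the tunnel. The rule format, first-match evaluation, and all prefixes are assumptions constructed for illustration and are not ArubaOS syntax.

```python
import ipaddress

# Constructed sample policy: ordered (destination prefix, action) rules.
# Rule format and first-match evaluation are assumptions, not ArubaOS syntax.
SAMPLE_RULES = [
    ("10.20.0.0/16", "tunnel"),
    ("10.30.5.0/24", "local"),   # narrow exception ahead of the broader rule
    ("10.30.0.0/16", "tunnel"),
    ("0.0.0.0/0", "local"),      # everything else breaks out to the Internet
]
# Constructed list of prefixes the organisation considers corporate.
CORPORATE = ["10.20.0.0/16", "10.30.0.0/16", "172.16.8.0/22"]


def leaked_ranges(rules, corporate):
    """Return corporate sub-prefixes whose first matching rule is not 'tunnel'."""
    leaks = []
    for corp in map(ipaddress.ip_network, corporate):
        remaining = [corp]  # parts of corp not yet claimed by an earlier rule
        for prefix, action in rules:
            rule_net = ipaddress.ip_network(prefix)
            unclaimed = []
            for net in remaining:
                if net.subnet_of(rule_net):
                    # Rule covers this whole piece: it is decided here.
                    if action != "tunnel":
                        leaks.append(net)
                elif rule_net.subnet_of(net):
                    # Rule carves a smaller block out of this piece.
                    if action != "tunnel":
                        leaks.append(rule_net)
                    unclaimed.extend(net.address_exclude(rule_net))
                else:
                    unclaimed.append(net)  # disjoint: rule does not apply
            remaining = unclaimed
        # Pieces matched by no rule are assumed not to be tunneled.
        leaks.extend(remaining)
    return sorted(leaks)


if __name__ == "__main__":
    for net in leaked_ranges(SAMPLE_RULES, CORPORATE):
        print(f"corporate range not tunneled: {net}")
```

In the sample policy the audit flags the /24 exception shadowing part of a tunneled /16 and a corporate /22 that only the catch-all rule matches.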
Microbranch Deployment Workflow
Microbranch operates at the branch to optimize and control WAN (Wide Area Network), LAN (Local Area Network), and cloud security services. The Microbranch provides features such as routing, firewall, security, and website content filtering. With support for multiple WAN connection types, the Microbranch routes traffic over the most efficient link based on availability, application, user role, and link health. This allows organizations to take advantage of high-speed, lower-cost broadband links to supplement or replace traditional WAN links, such as MPLS (Multiprotocol Label Switching).
The provisioning of Microbranch deployment includes the following steps:
Figure 2 Microbranch Deployment Workflow
- Add the APs to Aruba Central by using an evaluation account or a paid subscription. For more information on onboarding devices, see the Devices section in the HPE GreenLake Edge to Cloud Platform User Guide.
- By default, the automatic license assignment is disabled. For more information about assigning subscriptions to devices, see the Devices section in the HPE GreenLake Edge to Cloud Platform User Guide.
- Aruba Central simplifies the configuration workflow for managed devices by allowing administrators to combine a set of devices into groups. A group in Aruba Central is the primary configuration element that functions as a container for device management, monitoring, and maintenance. Groups enable administrators to manage devices efficiently by using either a UI-based configuration workflow or CLI-based configuration template. For more information on creating a Microbranch group, see Creating a Microbranch Group.
- Aruba Central supports assigning APs to groups for ease of configuration and maintenance. For more information on assigning APs to a Microbranch group, see Assigning APs to a Microbranch Group.
- Aruba Central supports configuring a Microbranch through the dashboard. For more information on configuring a Microbranch through the dashboard, see Microbranch Configuration Dashboard.