Microbranch Deployment
Most WLAN campus deployments have some remote branch sites. AOS-10 currently supports deploying a single AP as a Microbranch AP in remote sites such as home offices, small branch offices, retail locations, and so on.
AOS-10 enables APs in these remote sites to be configured and managed by the HPE Aruba Networking cloud platform, also known as HPE Aruba Networking Central. AOS-10 enables the APs to form an IPsec tunnel to the Gateway cluster of the parent WLAN campus. For the network administrator, configuring and managing these remote APs can be done from the same HPE Aruba Networking portal that manages the parent WLAN campus network. For the user at such remote sites, connecting to the WLAN campus network is a seamless experience.
The following figure is a sample representation of the AOS-10 deployment in Microbranch. This architecture uses a WLAN tunnel orchestration service to set up IPsec and GRE tunnels between the AP and the Gateway cluster of the parent WLAN campus network. The Microbranch AP establishes tunnels with the Gateway and encapsulates client traffic in GRE over IPsec.
Figure 1 Microbranch Deployment
WLAN Tunnel Orchestration for Microbranch Deployments
The WLAN tunnel orchestration service in AOS-10 automates the formation of IPsec tunnels between the APs of a remote site and the Gateway cluster of the parent WLAN network in Microbranch deployments. HPE Aruba Networking supports IPsec tunnel configuration on APs for the following deployment scenarios:
- Full Tunnel—In this mode, the AP and Gateway cluster are managed by HPE Aruba Networking Central. The IPsec tunnels between the AP and Gateway cluster in a data center are orchestrated by the tunnel orchestration service. The DHCP server in the data center assigns IP addresses to clients. The firewall rules and traffic shaping policies are applied from the AP, Gateway cluster, or both.
- Split Tunnel—In this mode, administrators can configure a split-tunnel policy in the access rules and apply it to the user role in the WLAN SSID. Based on the ACLs configured for an SSID, client traffic to the corporate domain is tunneled to the Gateway in the data center and traffic to the noncorporate domain is forwarded to the Internet.
- Local Mode (NAT Layer 3)—In this mode, a local static DHCP pool is used for client IP address assignment. Source NAT is applied to both corporate and Internet traffic.
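The following sketch models the forwarding decision in the three modes above and checks a split-tunnel policy for a corporate rule that an earlier, broader rule overrides. It is an added illustration, not HPE Aruba Networking code or configuration syntax. The rule format, action names, first-match evaluation, and default action are assumptions, and the sample policies are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    dest: str    # destination prefix (hypothetical rule format)
    action: str  # "tunnel" = GRE over IPsec to the Gateway, "internet" = local breakout

def forward(mode, rules, dst, default="internet"):
    """Return where client traffic to dst is sent under the given mode."""
    if mode == "full":    # Full Tunnel: everything goes to the Gateway cluster
        return "tunnel"
    if mode == "local":   # Local Mode: source NAT for corporate and Internet traffic
        return "source-nat"
    if mode != "split":
        raise ValueError(f"unknown mode: {mode}")
    addr = ipaddress.ip_address(dst)
    for rule in rules:    # assumption: ordered list, first match wins
        if addr in ipaddress.ip_network(rule.dest):
            return rule.action
    return default        # assumption: unmatched traffic breaks out locally

def conflicting_shadows(rules):
    """Find rules hidden by an earlier, broader rule with a different action."""
    found = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule.dest)
        for earlier in rules[:i]:
            wide = ipaddress.ip_network(earlier.dest)
            if (net.version == wide.version and net.subnet_of(wide)
                    and earlier.action != rule.action):
                found.append((rule, earlier))
                break
    return found

# Constructed sample policies (RFC 1918 space stands in for the corporate domain).
POLICY = [
    Rule("10.0.0.0/8", "tunnel"),
    Rule("172.16.0.0/12", "tunnel"),
    Rule("0.0.0.0/0", "internet"),
]
# Same intent, wrong order: the catch-all sends corporate traffic to the Internet.
BAD_POLICY = [Rule("0.0.0.0/0", "internet"), Rule("10.0.0.0/8", "tunnel")]

if __name__ == "__main__":
    for dst in ("10.1.2.3", "203.0.113.10"):
        print(dst, forward("split", POLICY, dst), forward("split", BAD_POLICY, dst))
    print(conflicting_shadows(BAD_POLICY))
```

In the misordered policy, traffic to `10.1.2.3` leaves through local breakout instead of the tunnel, so it never reaches the firewall rules applied at the Gateway cluster.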
When an AOS-10 AP's license expires, or is revoked or changed due to an upgrade or downgrade, HPE Aruba Networking Central puts the AP into survivability mode. In this mode, the SSIDs continue to broadcast, and the clients remain connected to ensure network continuity. The Overlay Tunnel Orchestrator (OTO) service manages tunnel behavior based on the license type. OTO preserves tunnels for advanced licenses, including MultiZone configurations. However, if the user downgrades the license to a foundation license, OTO deletes the tunnels, as foundation licenses do not support MultiZone.