Microbranch Deployment

Most WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. campus deployments typically have some remote branch site. AOS-10 currently supports deploying a single AP as a Microbranch AP in such remote sites such as home offices, small branch offices, retail locations, and so on.

AOS-10 enables APs in these remote sites to be configured and managed by the HPE Aruba Networking cloud platform, also known as HPE Aruba Networking Central. AOS-10 enables the APs to form an IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnel to the Gateway cluster of the parent WLAN campus. For the network administrator, configuring and managing these remote APs Remote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. can be done from the same HPE Aruba Networking portal that manages the parent WLAN campus network. For the user at such remote sites, connecting to the WLAN campus network is a seamless experience.

The following figure is a sample representation of the AOS-10 deployment in Microbranch. This architecture uses a WLAN tunnel orchestration service to set up IPsec and GRE Generic Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. tunnels between the AP and the Gateway cluster of the parent WLAN campus network. The Microbranch AP establishes tunnels with gateway and encapsulates client's traffic in GRE over IPsec.

Figure 1  Microbranch Deployment

WLAN Tunnel Orchestration for Microbranch Deployments

The WLAN tunnel orchestration service from AOS-10 network in Microbranch deployments automates the formation of IPsec tunnels between APs of a remote site to the Gateway cluster of the parent WLAN network. HPE Aruba Networking supports IPsec tunnel configuration on APs for the following deployment scenario:

When an AOS-10 AP's license expires, or is revoked or changed due to an upgrade or downgrade, HPE Aruba Networking Central puts the AP into survivability mode. In this mode, the SSIDs continue to broadcast, and the clients remain connected to ensure network continuity. The Overlay Tunnel Orchestrator (OTO) service manages tunnel behavior based on the license type. OTO preserves tunnels for advanced licenses, including MultiZone configurations. However, if the user downgrades the license to foundation license, OTO deletes the tunnels as foundation licenses do not support MultiZone.