Aruba’s Cloud Wi-Fi: Eliminating Unnecessary Stuff

Share Post

Aruba's Cloud WiFi eliminates much of the bloat and pain that too often complicated branch office rollouts.

Our secret sauce lies within Aruba's virtual controller, which always lives on the AP with the longest boot time. Once the first AP is configured, subsequent APs added to the same L2 network will inherit their configuration from the AP elected "virtual controller", and if the elected AP reboots, the AP with the next longest boot time will take over as virtual controller.

While the benefits of a simpler initial installation obvious, the not-so-obvious benefits revolve around having this cluster-level redundancy.

1) Eliminating Painful RADIUS Configs

With Aruba's Dynamic Proxy RADIUS, RADIUS requests are proxied through the virtual controller. That means that you don't have to allowlist all of your APs' IP addresses on your RADIUS server, just the IP of the virtual controller, which is transferred to each AP that is elected. In some environment, this can mean a lot of saved times not having to statically assign IP addresses.

2) Eliminating VPN hardware

Since IPsec tunnels initiated from a virtual controller (which is up as long as at least one AP is up), there is often no need to purchase dedicated site-to-site VPN hardware. Even a single AP can always connect back to a centralized controller.

3) Eliminating router and firewall

Guest traffic on an SSID can NAT behind a virtual controller, which can save the headache of installing a branch router. Those wanting an all-in-one solution might use the internal DHCP servers (several different scopes, each of which can support a /23 sized subnet). User level throttling is available per SSID, as well.

4) Eliminating WAN failover

Should your office have two Internet connections (e.g. cable and DSL modems), you have the option of giving your virtual controller two WAN IP addresses. When one WAN connections goes down, traffic will flow out the other gateway. If a second WAN connection is not available, a 3G or 4G modem can be plugged into a USB port in the back. Meraki and Aerohive do not let you do this at the AP-level and require a separate appliance for this WAN failover features.

5) Eliminating a POE power source

Aruba model RAP-3 and AP115 both can output POE, which can power devices on a desk, such as a phone. No other cloud-based AP can do this!