01-23-2014 09:12 PM
New to Aruba's so maybe a real stupid question, but I want to setup 10 IAP-105's with several SSID, 1X SSID will get DHCP from the network, the other 2x SSID I want to get the Virtual Controller to give DHCP, but I want each SSID on a different subnet, for example:
SSID = VIP - Subnet 192.168.4.1/24
SSID = Visitor = Subnet 192.168.5/1/24
Also if this is possible would the AP NAT, therefore my interner router will only see the source IP as the AP 105, or will it forward the IP information so my router sees the original source address of say 192.168.4.112 ?
And if is possible to do multiple subnets are the segregated from each other? So Visitors cannot see VIP IP addresses and vice versa?
01-23-2014 10:23 PM
What kind of switch do you have connecting the 10 IAPs? I assume that these 10 IAPs are supposed to form a single cluster. Does the switch support VLAN?
01-24-2014 05:25 AM
HP 2910 48G POE, it does support VLANs but does not have DHCP server function, only DHCP relay. There is a basic internet router that can privide 1x DHCP subnet, but I wat to have 3 or maybe 4 SSID's in total and then have it so I can have them on different subnets and avoid at least the visitor SSID seeing the other networks.
01-24-2014 05:59 AM
From what I saw on the iAP if you have the iAP VC assign IP's then all the traffic will be NATed by the VC - thus your gateway will see only the VC IP not the clients IP.
And for the other part .... Yes you could define VLAN's on you DHCP scope server on the VC and when creating a speciffic SSID you would assign a VLAN with the Subnet that you want.
To block communication between the Clients either on the same SSID or on the same AP you need to go to the :
System -> click on "Show advanced options" -> and you choose either one of the 2 option depending on what you want to deny:
Deny inter user bridging - This is to block traffic between the clients on the SAME SSID
Deny local routing - This is to block the traffic between the client on the SAME AP (no matter what SSID and/or VLAN)
01-24-2014 06:11 AM
On the DHCP scope server what option should I use for a VC assigned DHCP pool specific for the SSID VLAN? I have attached image of options I get.
Also will this still NAT addresses so I only see the VC / Access point IP?
If I set a DHCP server for VLAN 10 and it is 192.168.5.1/24 will this actually relate to the VLAN on the HP switch and also provide DHCP to wired clients that are on VLAN 10?
01-24-2014 06:34 AM - edited 01-24-2014 06:37 AM
Here is the way that I did it on my HOME iAP :smileyhappy:
That way everyone on that SSID get's an IP from that specific VLAN / subnet.
As I mentioned by defining the subnet local on the VC then your HP doesn't get the traffic tagged as that specific VLAN.
Thus if you need the HP to see the VLAN you would need to use a relay and get something else to do the DHCP / VLAN
01-24-2014 10:08 AM