Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 2
Registered: ‎03-13-2013

IAP and VLAN newbie

I have just ordered a set of 4 IAP-105's and am going to set them up shortly.

 

I was planning to connect them all to a single separate VLAN to enable them to see each other. Does that sound right? They will be spread out over 3 floors, so I am not able to connect them all to the same switch. Several switches will be involved (they are a mixed bag of Dell PowerConnects)

 

Additionally I plan to create 4-5 SSIDs, each of which will serve different purposes:

 

One guest WLAN, one employee-straight-to-internet WLAN, two different employee-radius-authenticated internal WLANS.

 

I am hoping that I can also use VLANs to make sure that the traffic from the APs to the WLANS end up in the right place. I can see how to associate a VLAN with an SSID, but I guess that what I fail to grasp is what VLAN to assign to each of the switch ports that the APs are connected to. I mean each AP needs to communicate with several VLANs.

 

As should be plainly obvious, I do not know much about VLANS, but fortunately someone else in my organization does. I am however hoping to understand a bit more of what is needed from the VLAN configuration of the switches, before I go talk with the persons that sets them up.

 

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: IAP and VLAN newbie

Hello

Wecome to the forum

 

As one of my first advices 5 SSIDs is oo much... it will make your trhoughput lower...

Try not making more than 3, best is just 2.  There is a traffice management overhead that will take BW if you use 5 SSIDs

 

You could have one SSID for Guest and one SSID for internal corporate users

 

If you got all your internal users with radius you can sent the value with the filter id to the AP which would be the name of the ROLE you will put it

 

For example

 

using 3 filter ids

 

Managers

IT

Sales

 

Manager will get their own role which tell the AP that they just can access i don tkjnow some servers

IT got another role that got access to everything

and sales let say they just got access to internet but not internal servers....

 

And there you just used 2 SSIDs which is the best :)

 

Also create separate vlans let say one NEW vlan for the internal users over wireless... try not mixing wireless clients and wired clients in the same vlan.   That affect the wireless network

 

The Guest should be a network that just exist on the Virtual controlle, dont make a vlan inside your network that is routable for those Guest.... instead you should have one network behind the Virtual controller and nat through it.  And also you should build a role in which you will put that those users just got access to internet and nothing more after the authentication...

 

And yes all the APS should be int he same vlan so they can form a Virtual controller...

 

I dotn know if that make sense or i just confused  you even more?

 

It would be good if you could read a bit of hwo to set the things up and if something doeesnt work we will help you!

on the user guide you will see that its pretty simple they guide you with screenshots and everhytihhing...

But well just try and if something is not working we can help there are many of us that can always help even aruba employees they are awsome! and always willing to help

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
New Contributor
Posts: 2
Registered: ‎03-13-2013

Re: IAP and VLAN newbie

Hello Carlos and thanks for answering so quickly.

 

I will mainly take your advice and postpone most of this until I have the Access Points in hand and have done the initial setup. This I can do now since you confirmed that I should create a separate VLAN so the all the APs can see each other and form a virtal controller. Let's call this VLAN A.

 

But just one thing: Let's say that I really only want to create a guest network (for now), so that I will simply just create one SSID. all of this traffic needs to "end up" on a VLAN (let's call this VLAN B) which already exists in our DMZ and onto which guests already today occasionally connect wired machines, and in which we have one or two home-style access points connected (they are being replaced by the Arubas now). How will I make sure that the traffic from my SSID ends up in VLAN B?

 

I mean: Let's say that VLAN B is actually VLAN 12. I can certainly select static and type 12 into the VLAN box for the SSID. But how will the traffic get to the other VLAN?

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: IAP and VLAN newbie

Hello again

Aruba Recommends that the vlan that you got for Guest it just exist on the Aruba instant controller... an subnet that is not routable through your network...

 

If you want to put a vlan that already exist on your network then you must trunk that vlan to all your IAPS, and then on the instants APs trunk it back to the switch

 

I dont know if that asnwer your questions?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: