Controllerless Networks

Contributor I

IAP 105 - Virtual Controller Assigned IP's

Hello All,


New to Aruba's so maybe a real stupid question, but I want to setup 10 IAP-105's with several SSID, 1X SSID will get DHCP from the network, the other 2x SSID I want to get the Virtual Controller to give DHCP, but I want each SSID on a different subnet, for example:


SSID = VIP - Subnet

SSID = Visitor = Subnet 192.168.5/1/24


Also if this is possible would the AP NAT, therefore my interner router will only see the source IP as the AP 105, or will it forward the IP information so my router sees the original source address of say ?


And if is possible to do multiple subnets are the segregated from each other? So Visitors cannot see VIP IP addresses and vice versa?


Thank you.


Aruba Employee

Re: IAP 105 - Virtual Controller Assigned IP's

Hi Robert,

What kind of switch do you have connecting the 10 IAPs? I assume that these 10 IAPs are supposed to form a single cluster. Does the switch support VLAN?


Contributor I

Re: IAP 105 - Virtual Controller Assigned IP's

HP 2910 48G POE, it does support VLANs but does not have DHCP server function, only DHCP relay. There is a basic internet router that can privide 1x DHCP subnet, but I wat to have 3 or maybe 4 SSID's in total and then have it so I can have them on different subnets and avoid at least the visitor SSID seeing the other networks.

Re: IAP 105 - Virtual Controller Assigned IP's

From what I saw on the iAP if you have the iAP VC assign IP's then all the traffic will be NATed by the VC - thus your gateway will see only the VC IP not the clients IP.


And for the other part .... Yes you could define VLAN's on you DHCP scope server on the VC and when creating a speciffic SSID you would assign a VLAN with the Subnet that you want.


To block communication between the Clients either on the same SSID or on the same AP you need to go to the :

System -> click on "Show advanced options" -> and you choose either one of the 2 option depending on what you want to deny:

Deny inter user bridging - This is to block traffic between the clients on the SAME SSID

Deny local routing - This is to block the traffic between the client on the SAME AP (no matter what SSID and/or VLAN)

If you found my post helpful, please give kudos!
Contributor I

Re: IAP 105 - Virtual Controller Assigned IP's

On the DHCP scope server what option should I use for a VC assigned DHCP pool specific for the SSID VLAN? I have attached image of options I get.


Also will this still NAT addresses so I only see the VC / Access point IP?


If I set a DHCP server for VLAN 10 and it is will this actually relate to the VLAN on the HP switch and also provide DHCP to wired clients that are on VLAN 10?




Re: IAP 105 - Virtual Controller Assigned IP's

Here is the way that I did it on my HOME iAP :smileyhappy:


That way everyone on that SSID get's an IP from that specific VLAN / subnet.


As I mentioned by defining the subnet local on the VC then your HP doesn't get the traffic tagged as that specific  VLAN. 


Thus if you need the HP to see the VLAN you would need to use a relay and get something else to do the DHCP / VLAN

If you found my post helpful, please give kudos!
Aruba Employee

Re: IAP 105 - Virtual Controller Assigned IP's

Yes, if you define two DHCP scopes this way on two different VLAN Ids and subnets, it should work, however the switch you are using need to be configured to allow both VLAN IDs to pass through.
Search Airheads
Showing results for 
Search instead for 
Did you mean: