10-20-2015 07:14 AM - edited 10-20-2015 07:18 AM
Client has a data network (vlan1) 10.10.10.X that they share accross two separate buildings.
They have two IAP Clusters that they manage separately in each building. When clients get on wifi in that building they also pull from these addrss pools.
-Building 1 cluster (vlan 11) 10.11.0.X
-Building 2 Cluster (vlan 12) 10.12.0.X
In ssid vlan settings we have just left the default Network assigned/Default this places the client on the same subnet as the IAP cluster. No problem.
Client now wants wifi clients in both buidings to be placed on the data network (vlan 1). So I tagged vlan 1 out to all of the AP's and made the change in the ssid vlan to Static Vlan ID 1. This DID NOT work. Clients are still pulling addresses from the iap cluster network.
I'm assuming this is happening because the iap cluster thinks it's wired connection is vlan 1 and therefore I never actually get put onto the actual vlan 1 (10.10.0.X) network.
How can I correct this? Keep in mind that the client still wants to maintain the two separate IAP clusters in each building.
Thinking I need to go to More on top menu and pick wired and then edit the default profile and change the native vlan to either vlan 11 or vlan 12 on each cluster BUT the client is a good 4 hours away and I don't want to make changes to their production network without knowing what I'm doing is correct path to fix the problem.
Solved! Go to Solution.
10-20-2015 07:23 AM
By default IAP consider native vlan as 1 and consider the wireless users traffic from vlan 1 as untagged
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
10-20-2015 10:14 AM
Unfortunately not an option at this point. Vlan 1 is there data network and that is the way it's goingto stay.
Only other option I can think of is to merge the two clusters together and put them on vlan 1. Then tag vlan 10 out to all the AP in building 1 and vlan 11 out to all the AP in building 2.
If I have to do the above then what would be best way to do it?
-PoE down all the AP's except one.
-Change virtual controller IP to a vlan 1 address.
-Change switch port over to vlan 1
-Once it's up and working change all of the other AP switch ports over to vlan 1 and turn poe back on.
That should work right?
Still thinking there must be a better way. Maintain the two separate clusters and get clients in both buildings to connect to vlan 1.
10-21-2015 10:55 AM
There's an option in iAP configuration to set the management VLAN.
I've never messed with it, but assumed it was for moving managment to a tagged VLAN rather than a native one (usually VLAN1)
Is anyone using that and can explain what it does?
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
10-22-2015 07:49 AM - edited 10-22-2015 07:50 AM
I've been testing this in my lab. NO GO !!!.
Yes I tried to change the management VLAN on the AP but that didn't work. Also tried to edit the wired Eth0 profile, also tried to specify virtual controller vlan setting. Believe I've checked boxed and uncheck boxed about everything I can find to try and get the IAP to know that it's wired connection is something other than vlan 1 but no go. No matter what I do it seems to always think it's wire is vlan 1. Can't find any way to change it.
I'm offically giving up on this. Maybe future firmware release will resolve (hint hint aruba). If anyone figures it out and can get it working let me know.
10-22-2015 08:29 AM - edited 10-22-2015 08:31 AM
OK... so looks like I posted this "Can't be done" just a tad premature because I have it figured out now.
What you need to do is to SSH onto virtual controller. Put in command
enet-vlan 11 (For building 1 in my example)
Make your uplink port to the iap
vlan 1 Tagged
vlan 11 untag (or native vlan)
Create your ssid's and choose static and specify vlan 1.
Note I found that if you leave the option as Network assigned/ Default you will be placed on vlan 1. If you want to in fact put clients on vlan 11 you will also have to specify static vlan 11 in this case.
Hope this helps the rest of you out. (What a pain---next time sell a controller !!!)