Hi,
We've struggled a LOT to get to our current setup, and now that it appears to be working like we want it to, I would really like some feedback from someone who knows more about Aruba products than me.
To quickly (and over-simply) describe our setup, we have some HP 5400zl switches with an internal VLAN (say VLAN 10) with our servers, clients, firewall, company internet line etc.
And then we have a VLAN connected to an ADSL internet line for guests (say VLAN 20).
We have 20 IAP315 APs that we would like to behave like this:
SSID 1 (Guests):
Connected clients are forwarded out the VLAN 20 to gain internet access and nothing else. The VLAN 20 has its own DHCP server already.
Management:
We would like the APs to "talk" to each other, have an IP, and have a Virtual Controller IP - all on VLAN 10. This way we can control the solution from our normal internal network, and guests on VLAN 20 can't connect to the AP management interface.
The way it is configured right now is like this:
- On the HP switches the AP interfaces are untagged on VLAN 20 (guests) and tagged on VLAN 10 (internal).
- APs have IP addresses in the VLAN 10 range.
- Virtual Controller IP is in the VLAN 10 IP range.
- Virtual Controller VLAN has been set to VLAN 10 in System settings.
- Uplink switch native VLAN in System settings has been set to VLAN 20.
- A "Guests" SSID has been created for Guest use.
- The Guests SSID Client IP Assignment is "Network Assigned".
- The SSID VLAN is Static to VLAN 20.
- The SSID Access Rules are set to "Unrestricted".
That's it. The only downside, as I see it, is that we have to connect new APs to the internal untagged VLAN when we receive them. Then configure the AP, and THEN place it on a port where VLAN 20 is untagged and VLAN 10 is tagged.
Can anyone tell me if this is the correct way of doing it? If the management part could somehow be the primary VLAN, it would be easier to configure new APs.
Thanks,
Rasmus