Controllerless Networks

Reply
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

vlan on different SSID

I'm trying to allow a segment of our users access to a specific VLAN on our network. We currently have two VLANS; VLAN1 - 10.1.0.0/24 network VLAN1000 - 192.168.57.0/24 network. I'm wondering what the best option is to have specific users use VLAN1000 when they connect to the wireless network.

 

We had a DHCP server that is set to hand out the IPs for the two scopes and it works via wired connection. One thing I've noticed is I have to set the switch port to switchport access vlan1000 if I want them to grab the proper IP. Could this be a hinderance to getting wifi to work? 

 

Any direction anyone can point me in is greatly appreciated.

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: vlan on different SSID

What are you using for a RADIUS server? You can return VLANs and roles based on identity groups and other attributes.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Re: vlan on different SSID

I am not currently using a RADIUS server. What would that setup option look like? Would this be the best option?

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: vlan on different SSID

If your users have directory accounts, there are many benefits to using 802.1X for your network.

If you want to stick with what you have today, you can use user derivation rules which will require you to know all of the user's MAC addresses that you want to put into that VLAN.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Re: vlan on different SSID

We have plans to convert over to RADIUS in the future, but that is a larger project on the backlog. Since this is the "in-between" project, what about getting a secondary SSID setup? Where would I find information on how to set that up properly to pull those IPs from the DHCP server?

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: vlan on different SSID

You would simply assign that VLAN to the virtual-ap for that SSID and any user that connected to that SSID would be dropped into that subnet.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Re: vlan on different SSID

When I try that it doesn't hand out the IP addresses. Do I need to set the switchport information to anything differently than default to allow for the AP to have access to both vlans?

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: vlan on different SSID

[ Edited ]
Sorry just realized you're using Instant. You'll need both VLANs tagged to all of your APs.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Re: vlan on different SSID

I'm not sure, sorry I was not the original person who set these up, how would I check that?

MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: vlan on different SSID

that would be something on the switch side. if nothing was changed the IAP will just listen to all VLANs.

Search Airheads
Showing results for 
Search instead for 
Did you mean: