Deploying Aruba IAP Zones
Deploying Aruba IAP Zones
06-22-2017 10:22 AM
If you are new to the Aruba Instant products, you may be wondering if/how you can selectively broadcast SSID within your IAP cluster. The good news is that you CAN do this by using the Zones feature within the IAP. This is useful when you are trying to control what areas certian SSID are broadcast in within your physical AP deployment. In some cases, it could even be considered a security risk to broadcast specific networks everywhere. For instance, point of sale networks may not be needed in guest room areas of a hotel to prevent unwanted access attempts to sensitive data.
Customer has Aruba Instant APs (IAP) that they want to selectively broadcast SSIDs throughout the deployment.
Example Use Case:
Hotel customer has a “Public” network they want to broadcast in the hotel lobby, but wants to broadcast a “Private” pay-as-you-go network in other areas like hotel rooms.
Within the IAP architecture, Aruba has implemented a “Zone” feature that is configurable in both an Airwave managed IAP cluster and non-Airwave managed cluster. The purpose of this feature is to allow selective broadcast of SSID within an IAP deployment. It functions by only allowing a configured SSID to broadcast on IAPs that have matching zone configuration.
An example of non-Airwave managed configuration can be seen in the IAP Virtual Controller WLAN settings (Figure 1) and the individual IAP settings (Figure 2). Figure 1 highlights the 'Zone' field that is used. This field can contain any string of information selected and all IAP that have a matching Zone field will broadcast that SSID. If an IAP does not have a zone field that matches what is set in the WLAN profile, it will not broadcast that SSID. Other caveats are noted at the conclusion of this article.
For users that use Aruba Airwave to configure their IAP cluster, you can implement this feature as well. Airwave managed cluster configuration examples using the IAP GUI Config are shown in Figure 3 & 4. The same prinicpals and caveats mentinoed above apply to Airwave managed clusters as well.
Once configured, you will see in Figure 5 that a scan of the spectrum shows the correct deployment. In this example one IAP was configured in zone “225” with the Public SSID being configured in the same zone. Thus, only the IAP (Channel 1/52) is broadcasting the Public SSID. The Private SSID was not configured with a zone and thus is broadcast on ALL IAPs in the cluster (IAPs Channel 1/52 & 11/116).
The following constraints apply to the zone configuration:
- An IAP can belong to only one zone and only one zone can be configured on an SSID.
- If an SSID belongs to a zone, all IAPs in this zone can broadcast this SSID. If no IAP belongs to the zone configured on the SSID, the SSID is not broadcast.
- If an SSID does not belong to any zone, all IAPs can broadcast this SSID.
Device versions used:
IAP 225/325: 188.8.131.52-184.108.40.206