Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

  • 1.  Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    Posted Jan 30, 2014 12:33 AM

    Just looking for a very simple example of how to configure a switchport (HP ProCurve in this case), where the corporate network will be VLAN1, and the Guest VLAN will be VLAN5.   I understand that VLAN5 will need to be tagged, but I'm just hoping that there's an Aruba community member who's done HP switchport configs before?   I'm mostly experienced with Cisco, so I'm assuming there are some slight differences between the two?

     

    Thanks in advance!



  • 2.  RE: Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    EMPLOYEE
    Posted Jan 30, 2014 03:41 AM

    Are you talking about instant or controller based APs?

     

    My suggestion would be to have the corp users on their own vlan as well, instead of sharing with infrastructure and wired users.

     

    Assuming they are instants, the untagged vlan will be the one you want the APs to get their ip address from, which I guess is vlan 1 in your case.  You then tag the other vlans that are used for the users.



  • 3.  RE: Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    EMPLOYEE
    Posted Jan 30, 2014 07:13 AM

    Some differences between Cisco and HP:

       Trunk [HP] = Port-channel

       Trunk [Cisco] = 802.1Q

       You don't apply VLAN configurations to ports, instead you apply port information to the VLANs.

     

    Ex: VLANs 1 and 5 [Cisco: Trunked] on port gig 0/1 with VLAN 1 being untagged.

     

    vlan 1
       name "CORP"
       untagged 1
       ip address 10.1.10.254 255.255.255.0
       exit
    vlan 5
       name "guest"
       tagged 1
       ip address 10.1.20.254 255.255.255.0
       ip helper-address 10.1.10.22
       exit

    You use the tagged and untagged commands to specify the port VLAN configuration.
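    The reply above describes the ProCurve model (membership is declared from the VLAN side, "vlan 5 / tagged 1") against the Cisco habit of thinking per port ("port 1: native VLAN 1, trunk VLAN 5"). The script below is an added example, not code from the thread or from HPE: it converts a per-port layout into ProCurve-style stanzas, parses such stanzas back out of a running-config, and flags layouts a switch would reject or that a defender would not want on an AP uplink (a VLAN both tagged and untagged on one port, or the guest VLAN left untagged, which is where the AP would pull its management address). The port layout, VLAN names and the guest VLAN number are constructed to mirror the reply's example; port names are assumed to be plain integers, and nothing is sent to a switch.

```python
"""Build, parse and audit HP ProCurve VLAN stanzas (added example, not from the thread)."""
import re

# Constructed per-port layout in the Cisco mental model: one untagged (native)
# VLAN plus the VLANs carried tagged. Port 1 is the AP uplink from the reply.
PORTS = {
    "1": {"untagged": 1, "tagged": [5]},
    "2": {"untagged": 1, "tagged": []},
}
VLAN_NAMES = {1: "CORP", 5: "guest"}   # constructed, matching the reply's stanzas
GUEST_VLAN = 5                           # constructed assumption


def to_vlan_view(ports):
    """Invert port->VLANs into VLAN->ports, which is how ProCurve expresses it."""
    vlans = {}
    for port in sorted(ports, key=int):          # assumes numeric port names
        cfg = ports[port]
        if cfg["untagged"] is not None:
            vlans.setdefault(cfg["untagged"], {"untagged": [], "tagged": []})["untagged"].append(port)
        for vid in cfg["tagged"]:
            vlans.setdefault(vid, {"untagged": [], "tagged": []})["tagged"].append(port)
    return vlans


def render(vlans, names):
    """Emit stanzas in the shape shown in the reply (vlan / name / untagged / tagged / exit)."""
    lines = []
    for vid in sorted(vlans):
        lines.append(f"vlan {vid}")
        if vid in names:
            lines.append(f'   name "{names[vid]}"')
        if vlans[vid]["untagged"]:
            lines.append("   untagged " + ",".join(vlans[vid]["untagged"]))
        if vlans[vid]["tagged"]:
            lines.append("   tagged " + ",".join(vlans[vid]["tagged"]))
        lines.append("   exit")
    return "\n".join(lines) + "\n"


def _expand(spec):
    """Expand a ProCurve port list such as '1-4,7' into ['1','2','3','4','7']."""
    out = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            out.extend(str(p) for p in range(int(lo), int(hi) + 1))
        else:
            out.append(part)
    return out


def parse(text):
    """Parse 'vlan N' stanzas from a running-config back into the per-port view.

    Raises ValueError if a port is declared untagged in two different VLANs,
    which no switch can honour. Returns (ports, names)."""
    ports, names, vid = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"vlan (\d+)$", line)
        if m:
            vid = int(m.group(1))
            continue
        if vid is None:
            continue
        m = re.match(r'name "(.*)"$', line)
        if m:
            names[vid] = m.group(1)
            continue
        m = re.match(r"(untagged|tagged) (\S+)$", line)
        if m:
            for port in _expand(m.group(2)):
                entry = ports.setdefault(port, {"untagged": None, "tagged": []})
                if m.group(1) == "untagged":
                    if entry["untagged"] is not None and entry["untagged"] != vid:
                        raise ValueError(f"port {port}: untagged in VLAN {entry['untagged']} and {vid}")
                    entry["untagged"] = vid
                else:
                    entry["tagged"].append(vid)
    return ports, names


def audit(ports, guest_vlan=GUEST_VLAN):
    """Return findings worth fixing before an AP is plugged into the port."""
    findings = []
    for port, cfg in ports.items():
        if cfg["untagged"] is not None and cfg["untagged"] in cfg["tagged"]:
            findings.append(f"port {port}: VLAN {cfg['untagged']} is both untagged and tagged")
        if cfg["untagged"] == guest_vlan:
            findings.append(f"port {port}: guest VLAN {guest_vlan} is untagged, so an AP on this port "
                            f"would take its management address from the guest segment")
    return findings


if __name__ == "__main__":
    config = render(to_vlan_view(PORTS), VLAN_NAMES)
    print(config)
    print("findings:", audit(parse(config)[0]) or "none")
```

Run it once against a saved `show running-config` to see which ports carry which VLAN untagged; the round trip (render, then parse) also makes the point that the two views carry the same information, only indexed differently.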



  • 4.  RE: Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    Posted Jan 30, 2014 10:21 AM

    They are all instant APs.  

     

    What would the reasoning be for segmenting the WAPs out onto their own VLAN, versus just having them on the same corp vlan as my backbone network devices, if that's the network they would be serving?



  • 5.  RE: Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    EMPLOYEE
    Posted Jan 30, 2014 10:24 AM

    It is generally a good idea to keep wired and wireless users separated if possible.



  • 6.  RE: Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    Posted Jan 30, 2014 10:59 AM

    Just using 'a good idea' doesn't give any real data points as to why it's recommended, especially in a corporate environment with a small (/20 or less) subnet for corporate devices.

     

    Is there any data which clearly delineates why wireless and wired users, accessing the same corporate infrastructure, should or shouldn't use the same vlan and IP range?



  • 7.  RE: Very basic HP ProCurve switchport config question, for supporting AP-135 endpoint?

    EMPLOYEE
    Posted Jan 30, 2014 11:07 AM

    Qs-It,

     

    It is mainly because broadcast traffic from wired clients gets replicated at line rate out of the wireless access points of clients on the same VLAN.  Wired clients can send broadcast traffic as fast as they can, but wireless clients back off sending in the face of traffic in the air.  This degrades wireless traffic substantially and creates a very poor experience.  There are many who deploy wireless and wired clients in the same subnet and as wireless adoption increases, people notice a dramatic slowdown and they start opening TAC tickets.  Separating wired and wireless clients allows you to sidestep this issue.