Wireless Access

Can someone explain to me the difference between the MultiZone feature in ArubaOS 8 as opposed to simply using an IAP and taggin two separate SSIDs to their own VLANs using let's say Aruba Instant?

Is this just a matter of greater isolation, with ability to send traffic to two separate controllers?

Thanks.

The main thing to note with MZ is that since controllers do full encryption from the client to the controller, with MultiZone the controller crypto boundaries are maintained at the two separate controllers. So it's more than just different VLANs, it's entirely two separate crypto zones/boundaries AND the ability to control each SSID's config separately (so that Company A can manage Company A's APs and SSIDs, and Company B can manage their own controller and the MZ SSIDs terminated on their controller.

A zone is a collection of controllers under a single administrative domain. This could be a single controller, or a cluster of controllers. The MC controllers in a zone terminate all the tunnels for the APs that they control.

For example, you have a standalone controller in the DMZ. This controller puts the Guest WLAN on the corporate APs. This means that all corporate APs support connectivity for guests. So, the APs are all controlled by corporate MCs in the Primary zone, and corporate employee WLANs are tunneled to these same controllers. However, all Guest WLAN traffic is tunneled to the controller in the DMZ.
This gives you a more distinct separation between corporate and guest traffic.