07-25-2016 08:57 PM
Could anyone please suggest me how i can assign select VLANs on the same SSID by using WLAN Controller?
Scenario: Say there are total of 3 departments having separate VLANs e.g. VLAN20 for Finance department, VLAN30 for IT department, VLAN40 for Sales department.
I want to create and keep the same single SSID (say "HeadOffice") for all three departments. The requirement is whenever users from Finance and Sales department try to establish connection (via "HeadOffice"), they always get connected to their respective VLANs only and not from VLAN30 which is IT department.
Please guide me through the process if there is any possibility of accomplishing this task.
07-26-2016 01:14 AM
There are two parts to this issue:
(1) Possibly deploying 802.1x
(2) Does every department need their own subnet?
With regards to #1, 802.1x is complicated, but not impossible. It should be done separately from #2, because it requires the configuration of a Radius Server, a Certificate Authority and Clients, which should be piloted before going into production. If you have a domain, detailed information on how to deploy radius on an NPS server is here: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113
With regards to #2, alot of people think that they need to deploy differing users into their own subnets, but an ip address is just a way to get traffic to and from users and adding a subnet for each floor or each department demands creates management overhead (more subnets), but does not really do anything, security-wise. Realistically, you need to deploy #1, to be able to differentiate users (typically by AD groups), before you consider #2., since there is no way to even differentiate users securely unless you use 802.1x.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base