Wireless Access

We are running ArubaOS 5.0.4.1 currently with all M3 controllers.

We are running the wireless for a multiple campus university.  The master and two of our locals are at our main campus and we just brought a second campus online with it's own local pointed at our master.  Both the guest and enterprise wireless clients are on the same vlan on our main campus.  However, the second campus would like to keep the guest traffic on a different IP subnet.  That campus has a content filter in place and they do not want to filter the guest traffic.

Our SE recommended we reference the VLAN by name instead of ID that way the name could reference a different ID at each location.  However, both campuses use the same name and ID.  So, even if I switch over to the name, it is still going to reference the same VLAN ID.

So, we have VLAN 14 "Users" setup on the master and local and all users are currently in VLAN 14.  We setup VLAN 666 for the guest users at the second campus.  I called it "Public".  Is there anyway to have the guest SSID reference VLAN 666 and the enterprise reference VLAN 14 at the second campus and then both reference VLAN 14 at the main campus?

I thought about creating a second guest SSID for the second campus but we are trying to homogenize the campus wireless setups as they were both being done separately and differently before.

Thanks!

This can easily be done with different AP groups per location (each location having its own AP group). For each AP group, you can create a new config to meet your requirements.

In addition you can also use a VLAN name.  Link below provides information on configuration.  Based on what you are trying to do, minimize the configuration, the VLAN name would be the way to go.  You can use the same name in both locations and then have the local controller tie to the correct VLAN.

http://kb.arubanetworks.com/cgi-bin/arubanetworks.cfg/php/enduser/std_adp.php?p_faqid=904

can you really have two different names for the same VLAN as he needs to have in that case for his HQ?

In this instance you would use a named VLAN for for Guest.  On the main campus it would tie to VLAN 14 on the second campus it would tie to 666.  The enterprise VLAN would be untouched.  Provided I follow correctly.

Ok.  So, on my local I have:

vlan 14 "Users"
vlan 25 "Management"
vlan 666 "Public"

On my HQ, I have:

vlan 14 "Users"
vlan 10 "Management"

I do have different AP groups.  But, the SSIDs are shared amongst the groups since you cannot create multiple SSIDs with the same name.  So, how would I alter the WLAN settings so that it only impacts that group.  Don't I make a change to the entire WLAN in all groups when altering the settings? 

Ok, so I followed the KB article posted earlier in the thread.

On the master i did:

vlan-name Enterprise

vlan Enterprise 14

vlan-name Public

vlan Public 14

wlan virtual-ap "enterprise-vap_prof"

vlan Enterprise

wlan virtual-ap "guest-vap_prof"

vlan Public

Then on the local, I did:

vlan Enterprise 14

vlan Public 666

Saved all of that and for a few minutes it all worked.  While I was troubleshooting DHCP on VLAN 666 however, both the enterprise and guest WLANs stopped working at HQ.  Any thoughts as to what I missed or did wrong?

Thanks!

Type "show profile-errors" to see if you have an error on your configuration on your master.

Ok.  I'll try this.  I had to back out of the changes to get it back up.  I am going to try again this weekend in a maintenance window.

Ok.  I tried this again this morning.  I started with just the guest VAP.  I converted it to the "Public" vlan which is pointed at VLAN 14 which is the same VLAN ID it was on.  When I did that, I applied and saved to push the config out to the locals.  Almost immediately, the guest SSID went away.  I tried the 'show profile-errors' and got nothing:

(ARUBA-MASTER) #show profile-errors

Invalid Profiles
----------------
Profile Error
------- -----

(ARUBA-MASTER)

I went back in and put it back to VLAN 14 and applied and saved and it came right back up.  Very strange.

I figured out what I was doing wrong.  I should have seen this.  I was setting the vlan-name and mapping the vlan names to the IDs on the master and the local at the other campus.  But, I didn't map the name to the ID on the two locals at HQ.  DUH!

Thanks for the help!