Wireless Access

Guys, I need sugestion and answers.

I need to segmentend 70 differents locations with VLANS.

The segmentation is based on the ap location itself(the user can migrate between locations), the ssid will be tunneld back to my data-center and there it will have my dhcp, ad, and radius(wpa2/enteprise).

My controller is a virtual one and just to be clear, I am having a lot of trouble(bugs) with it(conversions, upgrading, losing license, integration with my hyper-visor and etc).

So I can think two ways to accomplish what I need.

First.

Create more than 140 User roles parameters BSSID(one for 2.4 and another on for 5ghz).

I will need to already convert my APs to RAP, put them in their definitives group and (never change my SSID), wait to them to propagate my ssid and one by one copy and paste to create the User Rules.

The second way.

I create 70 differents groups, put my aps on them, create 70 ssid that will have each one with 70 exclusives vlans.

So there is a better way to acomplish what I need ? Second, My controller is strong enough to have 70 ssids and 70 groups ?

Hi Victor,

No, I am not...  I don't have budge for it.

What I have on my hands are firewall palo alto(on the data center), virtual controller, aps and windows servers(AD/DHCP/NPS/DNS).

I can use freeradius if it helps, but I would preferer to work with what I already have.

If each location needs to have a unique VLAN, the easiest way to do this is with AP Groups. Each location would be a unique group (which provides the ability for a location to have more than one AP without duplicating config) with each group calling a unique VAP that shares the AAA/SSID/etc profiles below it. In that way, SSID or AAA changes are propogated easily across all sites, but the location specific settings like VLAN are unique to the AP Group.

Thank you cclemmer,
But the vlan settings is part of the ssid profile. If I let it unchanged how I can use different vlans ?
This is why I said about create 70 differents ssids and 70 groups...

---

@rfRocha wrote:

Thank you cclemmer,
But the vlan settings is part of the ssid profile. If I let it unchanged how I can use different vlans ?
This is why I said about create 70 differents ssids and 70 groups...

---

What version of AOS? In 6.4/6.5, the VLAN is defined the the VAP profile, not the SSID profile. I'll double check whether AOS 8 changed this behavoir.

cclemer thank you, your tip did resolve my problem.

Just to make clear, it was only possible to do it using the command line, and on the interfaces I see a lot(70) ssids, with the same name but in gruops difirents, but I am trust the view of the CLI, that in reality is only one.

Ummm why not just use the Radius Attributes and make it easier. you can download the Radius attributes and add them to FreeRadius, write logic, and pass back the vlan to the user based on the AP name :)