Wireless Access

If we create "Virtual Controller managed"-VLANs, by configuring them via "More->DHCP-Server->Local L3..." - Would it be possible, if the SSID set to "Virtual Controller managed" + "Default", to dynamically assigning VLANs by returning RADIUS attribute "Aruba-User-Vlan"? So this would mean, that every dynamically assigned VLAN would be NATted on the VC? As well, the VLAN would not have to be configured on the switch port uplink, since there is a (GRE?) tunnel between the IAP and VC, correct?

Hi,

I don't think it is feasible. But we can wait for others to comment.

Regarding your question related to defininf vlans on the uplink swithc, please refer to the VLAN portion in the following explanation:

"DHCP Profile for Local Mode:

In local mode, the master AP in an IAP cluster is both the default gateway and DHCP server for clients that connect to an SSID or wired port that operates in this mode.

In local mode, the master AP assigns an IP address
from a configured local subnet. The subnet is not a Layer 2 or Layer 3 extension of the corporate subnet and the WLAN controller in the data center has no visibility to this subnet.

Client traffic that must be forwarded to corporate destinations is source NATed by the master AP using the inner IP address of the IPSec tunnel. Traffic that is destined for the Internet or local destinations is source NATed using the physical IP address of the master AP.

The following configuration settings are used for a local mode DHCP profile:

Name: This setting defines a unique name for the DHCP profile.
Type: This setting defines the Instant-VPN mode for the DHCP profile. The available options are Local and Local L3.

 VLAN: This setting defines the VLAN ID for the subnet that is used in the DHCP profile. This VLAN ID must be defined in the VLAN settings of an SSID or wired port to allow it to operate in the appropriate Instant- VPN mode. This VLAN ID should also be configured on the switches and allowed on the trunk links, between VC/master & slave IAPs.