Wireless Access

Reply
Occasional Contributor II

Is it possible to link multiple VLANsin to SINGLE SSID?

Hi,

 

   I have an existing AD and wired infra with VLANs, i wonder if it's possible to link multiple VLANs into single  SSID thru IAP?

 

your suggestions will be greatly appreciated.

 

Thank you in advance

Guru Elite

Re: Is it possible to link multiple VLANsin to SINGLE SSID?

The short answer is yes:  http://www.arubanetworks.com/techdocs/Instant_42_WebHelp/InstantWebHelp.htm?_ga=1.43038629.1615771646.1440445030#UG_files/vlan_conf/VLANSettings.htm?Highlight=pooling



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Is it possible to link multiple VLANsin to SINGLE SSID?

Thank you for the response Sir,

 

    but what if the authentication of those VLANs will be dependent on AD ? perhaps I need ACPM on this.

 

what could be the recommended configuration flow on this?

 

thank you very much for your prompt response

Guru Elite

Re: Is it possible to link multiple VLANsin to SINGLE SSID?

What are you trying to do?  That will determine what you need to configure.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Is it possible to link multiple VLANsin to SINGLE SSID?

 a demo scenario, where in employees from different networks/department/VLAN have credentials on AD and they are trying to implement corporate wireless mobility thru a single SSID.

 

I've been thinking if I need the following components and how to implement it

a.2 IAPs (IAP-215)

b.MS AD 2008

c. Clearpass Policy Manager(?)

 

Thank you so much for your prompt response :)

Guru Elite

Re: Is it possible to link multiple VLANsin to SINGLE SSID?

- A 802.1x SSID has a default or set vlan that user end up in when they authenticate successfully.  That is set in the SSID configuration.  The Instant AP needs to be on a trunk that has that VLAN tagged.

- Optionally the radius server that authenticates them can send back an attribute, Aruba-User-Vlan, that will give them an alternate VLAN.  When the optional VLAN is sent back the Instant AP needs to have a trunk that corresponds to that VLAN.

- The Aruba-User-Vlan attribute can be sent back using NPS with modification or you can use ClearPass, that has the capability already built in.

- First get 802.1x working with your clients on NPS.  Then, make sure you have trunking working between your switch and IAP, by changing the VLAN in the SSID.  Lastly, configure NPS to send back a different Aruba-User-Vlan attribute with radius responses to see if that is working.

 

Please see the post here: http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Setup-Dynamic-Vlans/m-p/91788#M2542 to see how to return a vlan attribute using NPS.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Is it possible to link multiple VLANsin to SINGLE SSID?

whoa! will surely simulate this advice once I get back to my LAB!

 

Thank you very much on this, will keep you updated on this! :D

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: