Wireless Access

Reply
Contributor II

Multiple Subnets with the Same SSID profile?

Right now I have a large subnet servicing multiple locations. I want to break up the locations into their own individual subnets.

 

I have a vlan configured on the vap, and I imagined changing that might work. BUT I also realized I am using clearpass and sending a role that has a vlan attached to it back to authenticated users.

 

What takes priority? Do I need to make multiple roles? I figured multiple VAPs would be the first step to setting this up. But what about roles? Do I need to create user roles for each location?

Re: Multiple Subnets with the Same SSID profile?

Do you currently have a VLAN assignment under the user-role

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Multiple Subnets with the Same SSID profile?

Yes I do. The roles have VLAN ID assigned.

Re: Multiple Subnets with the Same SSID profile?

If every location will have its own AP-Group/VAP then you can get away from assigning the VLAN at the user-role level and just do it on the VAP

The other option is to send that VLAN from ClearPass based on the AP-Group/Location
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Multiple Subnets with the Same SSID profile?

So I can see how that would work with the corporate network and the guest network. But we have apple TV that joins guest network (non-802.1x) and gets a role from clearpass to have the same vlan as corporate network.

 

So it using clearpass the better method? Can you direct me to documentation on setting that portion up? Is it not ideal to assign the vlan based on user role? Obviosuly I'd like the least amount of complexity possible because this network is scaling rapidly.

Re: Multiple Subnets with the Same SSID profile?

Do you need different VLANs for your AppleTV based on the location too?

Doing it at the user-role level is not a bad practice is just wouldn't work for what you are trying to do
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Multiple Subnets with the Same SSID profile?

Yes I'd like to have the AppleTVs show as the subnet of the location. So it needs to be different based on the location as well.

Re: Multiple Subnets with the Same SSID profile?

In that case you will need to send the VLANs for each location from ClearPass using the Aruba:Aruba-AP-Group attribute as a condition to get the right VLAN for the AppleTVs since the Guest VAP has two uses cases (Visitors and Headless Devices)

Visitor/Guest will be fine with the VLAN assigned in the VAP
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor II

Re: Multiple Subnets with the Same SSID profile?

So just for clarity. I can put VLAN in VAP for the corporate network and the guest network.

 

Then for the AppleTVs I assign a vlan based on location (ap group)?

So I should remove vlan from the User Roles all together?

Re: Multiple Subnets with the Same SSID profile?

Correct
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: