Wireless Access

Reply
Contributor I

New to Aruba -- seperate vlans for users and APs

Setup:

4 - 3600 controllers (1 master and 3 local)

Testing with an AP105

 

I would like to setup a seperate vlan for APs and Users.  Currently the AP105 is plugged into a L3 access switch on its own VLAN.  I guess my only question is how do I do this?  Should I create a new AP port configuration or just leave it as default?  

 

Example:

AP Subnet - 10.80.0.x

User - 10.80.1.x

Aruba Employee

Re: New to Aruba -- seperate vlans for users and APs

Hi

 

You can tunnel the client trraffic back to the controller and let it out there on the client VLAN. You can look at  our VRDs (Validated Reference Design guides). If you look at the Mobility VRD in chapter 4 the use of AP VLAN and User VLAN  is explained 

http://www.arubanetworks.com/vrd/ControllerVRD/wwhelp/wwhimpl/js/html/wwhelp.htm

 

Also look at the other VRD a lot of good information to find there. http://www.arubanetworks.com/technology/reference-design-guides/

 

 

 

 

 

Br,

Thomas

Re: New to Aruba -- seperate vlans for users and APs

 

You shouldn't have to make any changes on the controller.

 

You may need to reboot the APs so they can request a new IP address.

 

What's the current configuration under the AP port profile?

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: New to Aruba -- seperate vlans for users and APs

Thank you that is what I needed.  One last question, hypothetically if I would assign a building a /24 and there would be more devices than the VLAN could handle, would I have to increase the VLAN size?

Contributor I

Re: New to Aruba -- seperate vlans for users and APs

Wired AP Profile is "Default" - no wired ap enable, access mode and trunk mode are both VLAN 1. 

Re: New to Aruba -- seperate vlans for users and APs


richreitenauer wrote:

Wired AP Profile is "Default" - no wired ap enable, access mode and trunk mode are both VLAN 1. 


You should leave it as default.

 

Are you using the controller as your DHCP server ? if yes then you should use more than 512 leases on the internal dhcp server on the controller.

 

If the answer is no then you should be able to do this on the fly on your external DHCP server. But you may need to consider turning on Drop broadcast/Multicast on the VAP and bcmc optimization on the actual VLAN so avoid a large amount of droadcast on the wired and on wireless.

 

Note: You should turn on these features only if any of your Applications your wireless clients doesn't require multicast.

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: New to Aruba -- seperate vlans for users and APs

Thanks.  Here is where the problem lies, I would like to migrate away from VLAN 1 which is on a physically seperated network.  I do have another VLAN setup 10, which is the one I would like to migrate to.  Would I need to setup a new Wired AP Profile to do this? 

Re: New to Aruba -- seperate vlans for users and APs

 

You should be able to do this, are you assigning static IP addresses on your APs ? if not you should be able to do this but remember that you may need to reboot your APs and clear the ARP entries for VLAN 1 on your switch .

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: New to Aruba -- seperate vlans for users and APs

Thanks again for your answer, no the APs are getting DHCP addresses.  I read chapter 4 on the VRD-Aruba Mobility Controllers v9, and it says not to put the APs on a dedicated VLAN in case of trying to find Rogue APs.  However, at some point we would like to implement Clearpass for wired and wireless authentication.  Which negates that statement for which APs should be placed on their own vlans.

 

Also, should I create a VLAN pool (5,6,7) of /24 for 1 building?  The reason I ask is due to the possibilities that over 253 people might connect to APs in one particular area.

Re: New to Aruba -- seperate vlans for users and APs


richreitenauer wrote:

Thanks again for your answer, no the APs are getting DHCP addresses.  I read chapter 4 on the VRD-Aruba Mobility Controllers v9, and it says not to put the APs on a dedicated VLAN in case of trying to find Rogue APs.  However, at some point we would like to implement Clearpass for wired and wireless authentication.  Which negates that statement for which APs should be placed on their own vlans.

 

Also, should I create a VLAN pool (5,6,7) of /24 for 1 building?  The reason I ask is due to the possibilities that over 253 people might connect to APs in one particular area.


You should create a VLAN pool , are you planning to use hash or even ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: