07-23-2012 05:53 PM
We just got our new Aruba gear. The controller is a 6000 with two M3s using VRRP for redundancy. A couple questions:
1. We have one SSID that uses the builing captive portal. Is there a way to pass handheld devices through this portal without having to use the captive portal to login? Basically the only devices I want logging in are laptops and desktops. I would like iphones, ipods, PS3s, Wiis, and android devices to connect and not have to authenticate.
2. I have multiple AP groups (about 25) each with their own VAP profile, but they all have the same two ESSIDs defined. Is this a problem? Will it cause any problems when users roam between VAPs even though they use the same SSID. We have two SSID the one that is web authed and another that is encryped and 802.1x authed. I couldn't accomplish this through the GUI. I had to do it via the command line. That is why it concerns me. I want to be able to tweek settings per building in the VAP without affecting APs in other buildings.
07-23-2012 06:00 PM
#1 - You could easily utilize User Derivation Rules to set roles that 'by pass' the portal if certain Vendors (MAC addresses) or DHCP fingerprints of devices are detected.
#2 - Do these Virtual AP profiles share the same VLANs or is every VAP a different set of VLANs ?
07-23-2012 06:03 PM
1. I'll look into these, thanks.
2. Some have the same VLAN Pool assigned to them, but some don't. It's half and half. I tried reusing VLAN pools in other buildings where I felt I had room in the DHCP scopes to do so.
07-23-2012 08:10 PM
Yep I understand this. I have mobility IP enabled for the web authed SSID and I have preserve client vlan enabled on the 802.1x authed SSID. Will these mitigate the roaming problems like I think they will?