Wireless Access

Reply
Occasional Contributor II

SSID in tunneled Mode with different L2 and L3 configuration behind the MC

Hi Airheads Community,

 

I`ve a design question which I´m struggling with... please assume that I´m using a distributed enterprise MPLS environment with a Mobility Controller in a DC and ~30 Branch Offices where CAPs are used which are configured in Tunnel-Mode!
Mobility Controller / w CAP (tunneled mode) + AirWave only for Monitoring should be used!

 

the question for me is now, is it possible to broadcast an SSID on all those sites, but use for example several different VLANs and IP subnets each for every location behind the controller?
one reason is, that I would like to make a distinction of the clients based on the IP addresses... or is the only way to use several different SSIDs and VLANs on the MC to get this running done...

maybe some of you - hopefully not all :) would say to use Branch Controller in the offices and a Mobility Master in the DC as alternate solution or recommendation... if so, is there an overview comparison with advantages and disadvantges between MC /w CAP, MM /w BC and maybe IAP you can point me to?

 

thank you and kind greets

Guru Elite

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

Is the majority if the user traffic going back to the DC?  If yes, tunnel all traffic back to the DC controller using a Campus AP.  If you are using Airwave, it will tell you what access point the user is connected to, so you will know the physical location.  No need to have separate, VLAN spaces for users.

 

That is my opinion based on the limited information in your post.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Occasional Contributor II

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

ok, I know that but would it technically be possible to use different vlans behind one ssid? ... you said limited information - what would be necessary else to know?

greets
Guru Elite

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

Yes it would.

If you had a radius server and/or user derivation rules that would apply a different VLAN for each site, that would work, but it does not scale.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Regular Contributor II

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

Hi

Like Colin said you can use user derived rules. Or maybe create a AP group per location and use the different vlan in the different AP groups. The ssid can be one, based on the VAP within the AP group you assign a different vlan.

Hope it helps
Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Occasional Contributor II

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

as of you say a Radius Server or Clearpass for server derivation rules is unfortunately not available... so I´ve to if possible to deal with another solution! It is actually planned for a guest access so I´m not sure if that fits as well?!

 

there are already AP groups configured for each site but I don`t be able to configure it the way you are suggesting, because where in the AP Group I can specify a Vlan -  that has to be done in the WLAN (SSID) Tab or I´m wrong?!

 

greets

Guru Elite

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

The VLAN is specified in the Virtual AP profile.  You would just duplicate that Virtual AP and change the VLAN for every ap-group

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Regular Contributor II

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

Like i already mentioned.

 

That should work fine

 

 

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Occasional Contributor II

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

hm, I can`t find a configuration parameter where I can specify a Virtual AP Group?! where should this be done in 8.2.1.0?

Guru Elite

Re: SSID in tunneled Mode with different L2 and L3 configuration behind the MC

It is a challenge to tell you what to do without knowing what you have already done. Did you already create ap-groups?  Do you know at what folder level you created them?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: