I have three sites, here's how they're set up:
Site A (primary)
Wifi vlan - 10.20.x.x
AP-105, AP-135, and AP-225
Site B (satellite)
Wifi vlan- 10.21.x.x
AP-105
Site C (satellite)
Wifi vlan- 10.22.x.x
AP-105 and AP-135
I have a single Aruba 3600 controller that lives at Site A controlling the APs on all three sites which are currently in a single AP group. What we've noticed is that all client traffic appears to be spoofed from Site A. For example, someone at Site C will connect and get a 10.20.x.x address. What we're trying to accomplish is authenticate users to the local domain controllers at their appropriate site. Is the proper way to do that to set up RADIUS servers at each site and then create seperate AP groups for each site with appropriate AAA profiles pointing to the site-specific radius servers?