Wireless Access

Reply
Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Tunnel mode & Bridge mode SSID in sigle AP group

Hi,

 

We have controller 7210, cppm (as radius) AP 205, 105

controller is located at central location & AP is at different locations.

 

Can i use tunnel mode & bridge mode SSID in single AP group?

will it work?

 

Thanks in advance..

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Tunnel mode & Bridge mode SSID in sigle AP group

Yes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Tunnel mode & Bridge mode SSID in sigle AP group

Hi,

 

It is obsolutely possible to configure 2 SSIDs with two different forwarding modes,

 

An ap-group can have multiple VAPs (Virtual APs) and each VAP can be configured with different forwarding mode.

 

In your case you have to create two VAPs and mapp them to the Ap-group.

 

Eg :

Ap-group

 

VAP1-- Tunnel mode 

SSID1

AAA

 

VAP2 -- Bridge mode

SSID2

AAA

 

Hope it is clear. if not clear please feel free to come back :)

 

Cheers,

Venu Puduchery

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: Tunnel mode & Bridge mode SSID in sigle AP group

Hi,

 

Actually, I am using tunnel mode in our setup. There are 10 branches connected to controller(At central location) but  wireless user unable to get printer access(connected on wired nettwork)

 

As per cutomer requirement, only user auth + machine authenticated users should get wireless access. I am able to achieve this requirement in tunnel mode but not in to bridge mode.

 

Bridge mode only supports user authentication.

 

Is there any alternative to achieve the same?

 

Thanks..

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Tunnel mode & Bridge mode SSID in sigle AP group

nik-mh,

 

How are you enforcing machine authentication?  Are you using the controller's "Enforce Machine Authentication" or are you using a radius server to check that the device has passed user and machine authentication?  

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: Tunnel mode & Bridge mode SSID in sigle AP group

I am using CPPM for vlan enforcement & to verify the user authentication + machine authentication.

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Tunnel mode & Bridge mode SSID in sigle AP group

[ Edited ]

Nik-MH,

 

If you are using CPPM, is it sending back a VLAN that is not trunked to the physical interface of the bridged AP?  When you send back the VLAN attribute for a bridged VAP, that VLAN must exist on the AP's switchport trunk.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: Tunnel mode & Bridge mode SSID in sigle AP group

Colin,

 

The vlan is exist on my branch switch & bridge AP is getting same range IP address(10.128.10.X).

 

Even wireless user is also getting same IP address(10.128.10.X) but only the user authentication base.

 

how to achieve the user + machine auh?

 

 

 

 

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Tunnel mode & Bridge mode SSID in sigle AP group

[ Edited ]

nik-mh,

 

The VLAN# that you are sending back is specific to the port that the AP is plugged into.  If the user ends up in a VLAN that is not trunked to the AP, the user will not go anywhere.  Do you have your access points at the branch plugged into trunk ports?  Is the VLAN you are sending back allowed on that physical port?

 

If you do not have your access points on trunks at the branch, you cannot send back VLANs in your enforcement profile.  It will not work.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: Tunnel mode & Bridge mode SSID in sigle AP group

Colin,

 

Yes. the branch AP is plugged on trunk port & vlan is also passed through that trunk port.

 

wireless user is getting IP address from same vlan if i use only user authentication.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: