Wireless Access

Hi All,

I'm scratching my head over a few terms I'm come across - on this forum and within the Aruba documentation.

A user refers to VLAN pooling in the following thread:

AFAIK, they are the same thing.  A VLAN pool is configured, VLANs are assigned to it and then it is referenced under the Virtual AP profile.  That whole process is reffered to a VLAN pooling.

It sounds to me like you are referring to "named vlan pools" as opposed to just adding additional vlans to an VAP.

CRG to the rescue:

vlan-name
vlan-name <name> [pool]
Description
This command creates a named VLAN on the controller and can enable it as a pool. A named VLAN needs to
be first created to assign one or a pool of VLAN IDs to that name.

Then in the VAP config:

wlan virtual-ap <profile>

     vlan <vlan>...

Where <vlan> = 

The VLAN(s) into which users are placed in order to
obtain an IP address. Enter VLANs as a comma-
separated list of existing VLAN IDs or VLAN names. A
mixture of names and numeric IDs are not allowed.

True.  Both, however, are considered VLAN pooling.  The nice thing about named VLAN pools is that I can pass back the name from a RADIUS server and have it reference local VLANs.  The pool name is global (pushed from master to lcoals), but the VLANs contained in the pool are actually local.  A VLAN pool named employee can be VLANs 100,101 and 102 in one location and VLANs 200, 201 and 202 in another.

---

@olino wrote:

True.  Both, however, are considered VLAN pooling.  The nice thing about named VLAN pools is that I can pass back the name from a RADIUS server and have it reference local VLANs.  The pool name is global (pushed from master to lcoals), but the VLANs contained in the pool are actually local.  A VLAN pool named employee can be VLANs 100,101 and 102 in one location and VLANs 200, 201 and 202 in another.

---

Huh. That's pretty cool that you can pass back the pool name from the RADIUS server.

Ah... now it makes more sense.

IMO - The WebUI doesn't make it clear that it's a named pool. Your post helped clear this up. I'll have to cross reference the CRG next time.

I've been using the named pool as a global option for awhile now, with local VLANs assigned to local controllers. I didn't realize that you could use it as a RADIUS attribute. Cool tip...

Thanks!

You can pass back any RADIUS attribute and then have a server derivation rule that says to set the VLAN based on that attribute.  For instance, you can pass back Tunnel-Filter-ID with a value of employee or contractor or guest, have VLAN pools setup called employee or contractor or guest and have a server derivation rule that says if attribute Tunnel-Filter-ID exists, set the VLAN to the value-of.

Maybe in a future version of code, Aruba will let us use a VLAN pool in a role... wink, wink...

On a related matter...

Are the controllers smart enough to know when a VLAN has reached capacity and then start handing out another VLAN assignment? e.g. how does it know that your DHCP scope for that VLAN is full?

It uses a formula in an attempt to balance usage across VLANs. The formula uses the MAC address of the wireless client. Therefore one wireless client will get the same VLAN each time. This helps if you ever need to static an IP on your DHCP server, and the IP is a wireless client. We do that for Xbox game consoles.

No, the controller doesn't know the size of the DHCP scopes, so it cannot know when they are full.  You have to make sure you have enough addresses in the VLAN(s) to service all your clients (plus some room for unbalanced VLANs since you can't yet specify a round robin balance).

---

@olino wrote:

No, the controller doesn't know the size of the DHCP scopes, so it cannot know when they are full.

---

Yeah - that's what I figured.

I'm working on a new named pool, and the pool status is stuck on disabled. This is my second named pool, so I've been through this type of config before - but I'm stumped as to why it's not behaving. The pool was named on the master and I added a vlan to it on a local controller...

I submit this as a new thread if you think that would be more appropriate.

Thanks

Delete the Vlan name and create it again as a pool like this:

config t

no vlan-name TEST

vlan-name TEST pool

vlan TEST <vlan numbers>

---

@cjoseph wrote:

Delete the Vlan name and create it again as a pool like this:

 

config t

no vlan-name TEST

vlan-name TEST pool

vlan TEST <vlan numbers>

 

 

---

Thanks.. That seemed to do it. Could my issue be the resut of a bug in the WebUI?

It is more about the workflow, than anything else.  I would agree that it is not necessarily intuitive.

If you only want to have a single VLAN you can just do vlan <vlan name> <vlan number>.  If you have multiple VLANs attached to a VLAN name, you must designate it as a pool up front on the local controller, which is pretty much where it is interpreted.  There are things that you can only do with a single VLAN name, such as a server derivation rule, that you cannot do with a pool, and this helps the controller to limit commands to only things that it supports.

In the user guide, please search for the section "Creating, Updating and Deleting VLAN Pools" which will give you the accurate workflow for both the GUI, as well as the commandline.

Thanks again. This thing had me pulling my hair out - over what seemed like a simple task.

I created multiple vlans into our controller together with the subinterface static ips appropriate with these vlans. I added these vlans using their vlan IDs into the vlan pool. I went and setup our SSID profile to use the vlan pool name that I created. However, this is not working. It will only work if I go back to only 1 vlan instead of using a vlan pool. Any ideas? I don't think I am getting an IP address as well.

ALL,

This might be the same question in a different form.  With VLAN pooling can I take the existing remote VLANs and addto controller and still do bridging?