Wireless Access

Reply
Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

VLAN assignment based on AP

Hi,

 

I've been trying to find an explanation on how to assign a VLAN to a wireless client based on the AP that it is connected to. For example users on location X should receive VLAN x and users on location Y should receive VLAN y.

 

I''m using MS NPS but as the VLAN assignment is based on the specific AP (or AP group) I'm not sure if NPS is capable of doing this.

 

My current WLAN solution uses a so called 'location policy' in which AP groups are defined on a per office base. Once the user is authenticated the WLAN controllers assigns the correct VLAN based on the AP groups that are defined.

I would like to know if I can accompish the same with the Aruba solution.

 

The setup will be based on 2x 7220's with remote 325's.

 

Thanks for the reply!

MVP
Posts: 4,232
Registered: ‎07-20-2011

Re: VLAN assignment based on AP

[ Edited ]
 
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: VLAN assignment based on AP

It all depends on how many offices you have.

 

If it is a few offices, you can duplicate the Virtual AP, change the VLAN in that Virtual AP and then assign it to a different ap-group.  Everything in the new ap-group will be the same besides the name of the Virtual AP (WLAN) and the VLAN that users are assigned.

 

If you want more flexibility (many more offices), you would get a radius server like ClearPass that will check the ap-group attribute and return a VLAN attribute based on the ap-group.

 

NPS cannot detect an incoming ap-group radius attribute and decide what VLAN to send back.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

Re: VLAN assignment based on AP

Hi Colin,

 

Thanks for your response.

 

There are around 50 offices and all need to have the same SSID broadcasted. The config is the same except there needs to be a difference in VLAN id due to the netwerok design.

 

How can this be achieved with Aruba WLAN?

 

Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: VLAN assignment based on AP

Will all the offices be on separate controllers?  If yes, you could use Named VLANs, where you assign the "Employee" name to a WLAN and it is defined as different VLANs depending on the controller the access point is connected to.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

Re: VLAN assignment based on AP

The AP's on all offices will be connected using HA fast failover on two 7220's. So no local controllers on the offices.

It would need something like an AP group which can assign a unique VLAN id back to the authenticated client. Can Aruba do this or a similar way to accomplish this (like Juniper)?

Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: VLAN assignment based on AP

It is absolutely possible.  The specifics of it would depend on your office/Vlan mapping.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

Re: VLAN assignment based on AP

Great, even without ClearPass?

The mayority of offices have 3 VLAN's (1 per SSID). Two layer2 which are distributed over all offices so I do have the possibility to use use a static VLAN on these, although I prefer to use dynamically assigned.

One VLAN is layer 3 and needs to be dynamically assigned to wireless clients. Some offices do have multiple layer 3 VLAN's (different floors are divided in multiple VLAN's). L3 roaming is not required.

 

I've build this setup using other WLAN vendor solutions by using, for example, location policies. With Aruba I'm not able to find a similar way to do so. I tried configuring multiple AP groups but then I hit the limitation of only being able to select 1 SSID per AP group.

Guru Elite
Posts: 20,807
Registered: ‎03-29-2007

Re: VLAN assignment based on AP

Are all of the VLANs tunneled back to the controller, or is the default gateway for the VLANs located at the Offices?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

Re: VLAN assignment based on AP

Hi Colin, all VLAN's will be tunneled back to the controlller. There will be no AP's in bridging mode.

Search Airheads
Showing results for 
Search instead for 
Did you mean: