Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

VLAN based on Location

This thread has been viewed 1 times

  • 1.  VLAN based on Location

    Posted Feb 05, 2012 08:06 PM

    I want to use the User Role/VLAN filter to set a VLAN based on Location.  The User Guide (p 342) says that location is based on ESSID.  This must be a typo because there already is an ESSID Rule Type.  I tried to use FQLN as a value for Location but that didn't work.  What is the correct Value to use for the Location Rule Type?  I would like to use "contains string in FQLN".

     

    Thanks.



  • 2.  RE: VLAN based on Location

    EMPLOYEE
    Posted Feb 06, 2012 12:18 PM

    I'm not sure what parameter is used by that.  How many different locations do you have that you want to provide a different VLAN to?

     



  • 3.  RE: VLAN based on Location

    Posted Feb 06, 2012 12:29 PM

    I have about 12 locations per controller.  I would like to use a VLAN pool (ie 2-3 VLANs) per location.  I would like to assign a user to a VLAN pool based on their location. Thanks.



  • 4.  RE: VLAN based on Location

    EMPLOYEE
    Posted Feb 06, 2012 12:35 PM

    Will all of those Vlans be available at the controller?

     

    As a general practice, you should create an AP-group for each location.  You should then duplicate the Virtual AP (save as) with the different VLANS, and add them to each AP group.  When the APs come up, you provision them to the new APs groups that were created.

     

    Does that make sense?

     

    The user derivation rule would only allow you to assign one VLAN per rule and not a VLAN pool, anyway....

     



  • 5.  RE: VLAN based on Location

    Posted Feb 06, 2012 12:47 PM

    It does make sense.   I thought I was simplifying things by using one AP Group because all the locations share the SSIDs but it only complicated things.   Thank-you.



  • 6.  RE: VLAN based on Location

    Posted Feb 06, 2012 08:21 PM

    To cjoseph,

     

    I have another question about your solution above.  I will have one backup controller in an N+1 configuration.  I will extend all the VLANs to the backup controller.  After a controller failure, will the associated clients, which have already been assigned a VLAN and IP addr, continue to get the same VLAN at the backup controller automatically  OR  do I need a special mapping rule at the backup controller to ensure this happens?      Thanks.



  • 7.  RE: VLAN based on Location

    EMPLOYEE
    Posted Feb 06, 2012 08:23 PM

    The backup controller should inherit the configuration and act just like the primary controller.  Your job on the local controller is to make create the same layer-2 VLANS so that they can be placed on the same subnets upon failover.



  • 8.  RE: VLAN based on Location

    Posted Feb 07, 2012 09:00 AM

    Will the backup controller also get the PTKs and GTKs for established associations?  Is this done via the Master?



  • 9.  RE: VLAN based on Location

    EMPLOYEE
    Posted Feb 07, 2012 09:13 AM

    Those are negotiated when a client associates to a new AP, irrespective of which controller it is on.  The effect after failover is not measurable.