Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

VLAN to SSID New User Confusion

  • 1.  VLAN to SSID New User Confusion

    Posted Sep 30, 2012 10:55 PM
    I am setting up an office and need to create two SSID's, one for Corp use, and one for NotCorp use. The Corp SSID is the native VLAN 1 and works fine. The NotCorp SSID should only attach to VLAN 5 which is directly connected to a dedicated Firewall Port which is natted to the Internet. In other words, VLAN 1 is all Internal Corp use, and NotCorp is for devices that have no business being on the Corp LAN but need Internet access. I have both VLANs set up and tagged to the controller primary interface and I can ping both the Corp firewall port and the NotCorp Firewall port. VLAN 1 works fine of course, but if I set VLAN 5 for the NotCorp VAP then it disappears and is not wireless accessible. I think I need to bridge but I am still unsure of just how to set this so that NotCorp only communicates through VLAN 5. Thanks for any assistance. I have researched this until my eyes are red, but if I missed a previous thread that already discussed this scenario, please let me know. Thanks. BTW The AP's are hardwired to the Controller and I just discovered that it doesn't look like I can set multiple VLANs on the Ports and I suspect this is where I am failing. I tried Trunk and Access but I can't find a way to set VLAN 1 --> VLAN 1 only and VLAN 5 ---> VLAN 5 only from their respective SSID's. Setting both SSID's to VLAN 1 is easy but not what I need.


  • 2.  RE: VLAN to SSID New User Confusion

    EMPLOYEE
    Posted Sep 30, 2012 11:30 PM

    @RogerRamjet wrote:
    I am setting up an office and need to create two SSID's, one for Corp use, and one for NotCorp use. The Corp SSID is the native VLAN 1 and works fine. The NotCorp SSID should only attach to VLAN 5 which is directly connected to a dedicated Firewall Port which is natted to the Internet. In other words, VLAN 1 is all Internal Corp use, and NotCorp is for devices that have no business being on the Corp LAN but need Internet access. I have both VLANs set up and tagged to the controller primary interface and I can ping both the Corp firewall port and the NotCorp Firewall port. VLAN 1 works fine of course, but if I set VLAN 5 for the NotCorp VAP then it disappears and is not wireless accessible. I think I need to bridge but I am still unsure of just how to set this so that NotCorp only communicates through VLAN 5. Thanks for any assistance. I have researched this until my eyes are red, but if I missed a previous thread that already discussed this scenario, please let me know. Thanks. BTW The AP's are hardwired to the Controller and I just discovered that it doesn't look like I can set multiple VLANs on the Ports and I suspect this is where I am failing. I tried Trunk and Access but I can't find a way to set VLAN 1 --> VLAN 1 only and VLAN 5 ---> VLAN 5 only from their respective SSID's. Setting both SSID's to VLAN 1 is easy but not what I need.
    How is VLAN 5 connected to the controller?  Is it on an access port or trunk port?

     



  • 3.  RE: VLAN to SSID New User Confusion

    Posted Oct 01, 2012 12:46 AM

    Port 1/8 is currently configured as a Trunk Port with VLAN 1 being the Native VLAN ID and VLAN 1,5 in the Allowed VLANS.



  • 4.  RE: VLAN to SSID New User Confusion

    EMPLOYEE
    Posted Oct 01, 2012 12:48 AM

    1/8... what controller platform is this?  What is on the other side of that connection?  What version of ArubaOS?

     



  • 5.  RE: VLAN to SSID New User Confusion

    Posted Oct 01, 2012 01:02 AM

    Sorry for my confusion. The Controller is an Aruba 620 with OS 6.1.1.1. When you asked about the Controller I wasn't sure if I should be reporting what is under Config -> Network -> Ports or under the Config --> AP Group -> Edit.



  • 6.  RE: VLAN to SSID New User Confusion

    Posted Oct 01, 2012 01:04 AM

    The Network Switch port is configured to allow both VLAN 1 and 5 on the primary port the Controller is connected to.



  • 7.  RE: VLAN to SSID New User Confusion
    Best Answer

    EMPLOYEE
    Posted Oct 01, 2012 01:07 AM

    Okay.

    Two things:

    The 620 controller can only support 1 trunk, but it will not tell you. If you SSH into it and type "show trunk", make sure that only one trunk appears. If a second trunk port appears, change that to an access port.

    Give the controller an IP address on VLAN 5 to ensure that it can indeed ping across, instead of routing to ping the IP address of VLAN 5 on the other side.



  • 8.  RE: VLAN to SSID New User Confusion

    Posted Oct 01, 2012 01:19 AM

    Much Thanks for the feedback, I am remote at the moment and while I can SSH into the Controller I don't have the enable pwd with me, Grrrrrr. I just set it up and I'll have to check this in the morning when I'm back on-site. Again, thanks much for the quick reply.



  • 9.  RE: VLAN to SSID New User Confusion

    Posted Oct 01, 2012 08:21 PM

    Just a quick update. I verified the single Trunk and found that the VLAN did not have an IP or any network information. Once I set the IP, Subnet mask, and DHCP server forwarding information it all worked as advertised. Many thanks for the great support.
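
The fix the thread arrives at (a single trunk, plus an IP address and DHCP forwarding on the controller's VLAN 5 interface), sketched as an ArubaOS CLI session. This is an added example, not configuration posted by anyone in the thread; the 192.0.2.0/24 addresses are constructed, the DHCP server location is an assumption, and the virtual AP profile name is hypothetical.

```text
! Constructed values: 192.0.2.0/24 stands in for the VLAN 5 (NotCorp) subnet,
! 192.0.2.1 for the dedicated NotCorp firewall port (assumed here to also
! answer DHCP), and "NotCorp-vap" is a hypothetical virtual AP profile name.
configure terminal
!
! VLAN 5 must exist on the controller before anything can be mapped to it.
vlan 5
!
! Give the controller its own address on VLAN 5 so that a ping to the
! firewall port is sourced on VLAN 5 rather than routed from VLAN 1, and
! forward client DHCP requests from this VLAN to the DHCP server.
interface vlan 5
   ip address 192.0.2.2 255.255.255.0
   ip helper-address 192.0.2.1
   exit
!
! Map the NotCorp SSID's virtual AP to VLAN 5 only; the Corp virtual AP
! stays on VLAN 1, so the two user populations never share a VLAN.
wlan virtual-ap "NotCorp-vap"
   vlan 5
   exit
end
!
! Checks from the thread: only one trunk should be listed on the 620,
! the VLAN 5 interface should be up with its address, and the NotCorp
! firewall port should answer from that interface.
show trunk
show ip interface brief
ping 192.0.2.1
```

Since NotCorp exists to keep those devices off the Corp LAN, it is also worth confirming from a NotCorp client that Corp addresses on VLAN 1 are not reachable; having the controller routed on both VLANs does not by itself enforce that separation.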