Wireless Access

Reply
Occasional Contributor I
Posts: 6
Registered: ‎09-30-2012

VLAN to SSID New User Confusion

I am setting up an office and need to create two SSID's, one for Corp use, and one for NotCorp use. The Corp SSID is the native VLAN 1 and works fine. The NotCorp SSID should only attach to VLAN 5 which is direct;y connected to a dedicated Firewall Port which is natted to the Internet. In other words, VLAN 1 is all Internal Corp use, and NotCorp is for devices that have no business being on the Corp LAN but need Internet access. I have both VLANs setup and tagged to the controller primary interface and I can ping both the Corp firewall port and the NotCorp Firewall port. VLAN 1 works fine of course, but if I set VLAN 5 for the NotCorp VAP then it disappears and is not wireless accessible. I think I need to bridge but i am still unsure of just how to set this so that NotCorp only communicates through VLAN 5. thanks for any assistance. I have researched this until my eyes are red, but if I missed a previous thread that already discussed this scenario, please let me know. Thanks. BTW The AP's are hardwired to the Controller and I just discovered that it doesn't look like I can set multiple VLANs on the Ports and I suspect this is where I am failing. I tried Trunk and Access but I can't find a way to set VLAN 1 --> VLAN 1 only and VLAN 5 ---> VLAN 5 only from thier respective SSID's. Setting both SSID's to VLAN 1 is easy but not what I need.
Guru Elite
Posts: 20,981
Registered: ‎03-29-2007

Re: VLAN to SSID New User Confusion


RogerRamjet wrote:
I am setting up an office and need to create two SSID's, one for Corp use, and one for NotCorp use. The Corp SSID is the native VLAN 1 and works fine. The NotCorp SSID should only attach to VLAN 5 which is direct;y connected to a dedicated Firewall Port which is natted to the Internet. In other words, VLAN 1 is all Internal Corp use, and NotCorp is for devices that have no business being on the Corp LAN but need Internet access. I have both VLANs setup and tagged to the controller primary interface and I can ping both the Corp firewall port and the NotCorp Firewall port. VLAN 1 works fine of course, but if I set VLAN 5 for the NotCorp VAP then it disappears and is not wireless accessible. I think I need to bridge but i am still unsure of just how to set this so that NotCorp only communicates through VLAN 5. thanks for any assistance. I have researched this until my eyes are red, but if I missed a previous thread that already discussed this scenario, please let me know. Thanks. BTW The AP's are hardwired to the Controller and I just discovered that it doesn't look like I can set multiple VLANs on the Ports and I suspect this is where I am failing. I tried Trunk and Access but I can't find a way to set VLAN 1 --> VLAN 1 only and VLAN 5 ---> VLAN 5 only from thier respective SSID's. Setting both SSID's to VLAN 1 is easy but not what I need.
How is VLAN 5 connected to the controller?  Is it on an access port or trunk port?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎09-30-2012

Re: VLAN to SSID New User Confusion

Port 1/8 is currently configured as a Trunk Port with VLAN 1 being the Native VLAN ID and VLAN 1,5 in the Allowed VLANS.

Guru Elite
Posts: 20,981
Registered: ‎03-29-2007

Re: VLAN to SSID New User Confusion

1/8... what controller platform is this?  What is on the other side of that connection?  What version of ArubaOS?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎09-30-2012

Re: VLAN to SSID New User Confusion

Sorry for my confusion. The Controller is an Aruba 620 with OS 6.1.1.1. When you asked about the Controller I wasn't sure if I should be reporting what is under Config -> Network -> Ports or under the Config --> AP Group -> Edit.

Occasional Contributor I
Posts: 6
Registered: ‎09-30-2012

Re: VLAN to SSID New User Confusion

The Network Switch port is configured to allow both VLAN 1 and 5 on the primary port the Controller is connected too.

Guru Elite
Posts: 20,981
Registered: ‎03-29-2007

Re: VLAN to SSID New User Confusion

Okay.  

 

Two things:

 

The 620 controller can only support 1 trunk, but it will not tell you..  If you SSH into it and type "show trunk", make sure that only one trunk appears.  If a second trunk port appears, change that to an access port.

 

Give the controller an ip address on VLAN 5 to ensure that it can indeed ping across, instead of route to ping the ip address of VLAN 5 of the other side.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎09-30-2012

Re: VLAN to SSID New User Confusion

Much Thanks for the feedback, I am remote at the moment and while I can SSH into the Controller I don't have the enable pwd with me, Grrrrrr. I just set it up and I'll have to check this in the morning when I'm back on-site. Again, thanks much for the quick reply.

Occasional Contributor I
Posts: 6
Registered: ‎09-30-2012

Re: VLAN to SSID New User Confusion

just a quick update. I verified the single Trunk and found that the VLAN did not have an IP or any network information. Once I set the IP, Subnet mask, and DHCP server forwarding information it all worked as advertised. Many thanks for the great support.

Search Airheads
Showing results for 
Search instead for 
Did you mean: