Wireless Access

Hi all,

 

First time in forum;)

 

i recently deploy a Wireless network with Aruba 3600 Controller and AP 105.

 

We have a Cisco Switch Core  to our internal wired network.

 

We deploy Controller and AP´s 105  in  Vlan 100 and create a trunk on Cisco and Aruba controller.

 

Native Vlan is 100 on the trunk ( allowed 100 and 101). Clients connect ok to Vlan 100, but I created another vlan 101 for wlan clients.

 

I want to get all clients connected to Vlan 101, different from the AP´s and controller VLAN.

 

I know this is possible but i am stuck... Already configured two SSid´s with diferent vlan 100 and 101, but only the native goes to the clients.

 

 

What we need is basically:

 

Vlan 100 - AP´s , controller and dhcp.

 

vlan 101 - clients

 

vlan 102 - management

 

Could you help?

 

Regards

 

#3600

If you have allready configured the WLAN, the Virtual AP profile has the VLAN that the clients end up in.

 

Try Configuration> Wireless > AP Configuration.  Edit the Ap-Group (could be default).  Expand Wireless Lan.. Expand Virtual AP.  Click on the Virtual AP with your clients.  The right Pane should open up.  Put in the VLAN number you want your clients to be in and click on apply.

 

Hi.
Created an ap group name test.
Already change that setting to 101 vlan on wlan. Then it seems that the clients can't reach dhcp, but i already created dhcp reservatiion for both vlan's. Could be that cisco has on the trunk native 100?

- Give VLAN 101 an ip address on the Aruba Controller.  See if you can ping the VLAN 101 ip address on the Cisco side.

 

If you cannot, something is wrong with your trunk.  If you can, and your client does not get an ip address, you need to add a helper address on the Cisco VLAN 101 interface that points to the DHCP server.

 

Do not forget to make Vlans as trusted and check that with # show run | begin interface.

Hi,

(I know that some already written here - but just to summarize)

 

• Check in the controller that all the VLANS are up and enabled.
• Make sure that you configured an IP DHCP HELPER in each vlan (if you aren't using the DHCP server on the controller) - and direct it to the DHCP IP server address.
• Make sure - u configured the IP settings right of each vlan (subnet it's important)
• Make sure - u added all the VLANS to the trunk port on the controller. (and again like already written here - make sure it's trusted!)
• Make sure u choose the right vlan in the VAP (Virtual AP group-ssid)
• if nothing doesn't work and everything look's fine - just add an IP to each vlan - and ping to diagnostic...when ping will work everything should work. (again - like already written here)

 

Rgrds.

 

Me

 

Hi,

Thanks for summary;)

Only thing that i think its missing is the ip helper. But even without the helper , clients get an ip address on vlan 100. Should that me because cisco trunk as v100 as native?

I will check all the points and see if it works.
Regards

U sure that the cisco port is configured as trunk?

 

BTW:

did u also configured the native vlan on the Aruba controller port as the same one?

What is the working mode of the VAP you did?

Tunnel / or Bridge?!

 

===================================

 

U may do some screenshots - they will give us a better looking on your configuration (if u dont want to output some cli outputs)

 

Trunk on both ends.

Tunnel.

Yes i will send some screen shots nearly next week. Regards

Hi Guys

 

Vlan s are now :

 

904 manage

905 controller and AP´s and guest clients ( pilot test)

906 Clients

 

I was able to configure two trunks to the cisco switch at the core:

- one connected to controller  Port Ge1/1 ( vlan 905)

- one connected to controller Port GE 1/2 ( vlan 906)

 

By this workaround i was able to maintain AP´s and controller with vlan905 and clients where directed to vlan 906 .

 

Dhcp has reservations to Ap´s and the controller on vlan 905

 

 

Now its working ok .

Don´t know if this is the correct way to do it..

 

Config in attach

 

 

Thanks you guys for or good tips;)

My personal preference is to trunk an interface (or two for redundancy) from the controller to the core.  I don't make use of the native vlan for client/ap traffic; it is only there in order to isolate untagged packets. I would avoid using the native vlan for any ap, controller, or client traffic from a best practice (Cisco's not Aruba's) standpoint.  Basically, make the native VLAN some number that is not in use by infrastructure or clients.

 

I would also suggest putting the guest clients on a separate VLAN - 907.  Set VLAN 907 as the VLAN for "SGguest-vap_pro".  That way you isolate guest traffic from your wireless infrastructure VLAN.

Is the native Vlan the same on both ends of the trunk?

I would recommend against using the native Vlan for any traffic as does Cisco. Can you configure a separate native Vlan, I always use 500, and leave the controller, APs, and dhcp on Vlan 100? This might make troubleshooting a bit easier.