Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

assign vlan depending on which AP you connect. (without radius server)

This thread has been viewed 0 times

  • 1.  assign vlan depending on which AP you connect. (without radius server)

    Posted Apr 22, 2016 09:51 AM
    Hello, first of all I apologize for my English.
     
    I have a 10 IAP 215RW ,
    And   Aruba Operating System Software ,  Type:    215 ,  Build Time:    2015-05-12 10:54:20 PDT , Version:    6.4.2.6-4.1.1.6_50009


    I need to consult , how can i assign Vlan dynamically on a unique SSID which is present on several floors of a building without a Radius Server.

    Depending on the floor (or Ap)  as the connection to ssid is made, the user will be assigned a VLAN specified for that floor.

    For example, if you are connected to the first floor AP, you will be assigned vlan1
    if you are connected to the second floor AP, you will be assigned vlan2 ,and so on


    I have tried in the part of VLAN assignment filter by AP-NAME and also with AP-IP, but never applied to me vlan corresponding to the floor
    All the Ap that I connect , always assigned me the default vlan.

    It is possible VLAN assignment depending on the AP to which the user is connected?

    The idea is to have a unique SSID in the building, users move through the floors and depending on the floor is the vlan that takes the user.
     
    I leave some screenshots, how I'm trying to do this assignment.
     
    Thank you very much for the help and sorry again for my English
     
     
     
    aruba1.gif
     
    aruba1.gif


  • 2.  RE: assign vlan depending on which AP you connect. (without radius server)

    Posted Apr 22, 2016 09:55 AM
    Is this within the same building ? If it is you probably don't want to assign a VLAN per floor because as device roam and signal bleeds across different floors the user experience will not be optimal because of the different VLANs getting assign as the user roams



    Sent from Outlook for iPhone


  • 3.  RE: assign vlan depending on which AP you connect. (without radius server)

    EMPLOYEE
    Posted Apr 22, 2016 10:15 AM

    What type of encryption/authentication are you using?  If you are using 802.1x attributes like ap-name will be available to trigger rules like you want to use.  If you are just using WPA2-PSK, those attributes are not available and your rules will not trigger.



  • 4.  RE: assign vlan depending on which AP you connect. (without radius server)

    Posted Apr 22, 2016 10:39 AM

    Thanks for the reply.

     

    The floors are not continuous. (floor are 2, 7,  13, 22,  and 30.)
    I mention Floor 1, 2 and 3 as an example only.

     

    The wifi connection uses wpa2 , the wireless network is already configured on all user devices of the company. (Notebooks and cellphones) with that unique  key , which is why I can not change the type of encryption, since users are moving not only on the floors of the building, but also move between different buildings in the city that already they have configured that unique SSID and unique key for all buildings of the company ..


    They are approximately 1500 users who already have this key and ssid configured on their devices.

    There are about 50 buildings have already set the SSID and key on the APs installed.


    There a way to dynamically allocate the Vlan depending ap floor to which they connect with wpa2?
    In wich way can i solve this problem without changing the type of encryption?


    Thanks a lot, again.



  • 5.  RE: assign vlan depending on which AP you connect. (without radius server)

    EMPLOYEE
    Posted Apr 22, 2016 10:53 AM

    The formal way to change this is to have 1 ap-group for each floor group that a user would connect to.  You would duplicate the current virtual AP, name it something slightly different and just change the VLAN number for each ap-group.

     

    Why you would NOT want to have a separate VLAN for each floor, is that it is inefficient and it creates management overhead:  You would be managing 4 times the subnets for the same amount of users.  An ip address is just the means to deliver traffic to and from a client, and has no real implications beyond that.  If you use a single VLAN, and you add a floor the building, you would just need to add APs for coverage, instead of having to create yet another VLAN in your layer 3 infrastructure.

     



  • 6.  RE: assign vlan depending on which AP you connect. (without radius server)

    Posted Apr 22, 2016 03:04 PM

    How do I create AP-groups? I can not find the option in the web of instant and the console ssh command does not recognize the command...

     

    aruba3.gif

     

     the web said, that in web gui i have to Navigate to the Configuration > Wireless>AP Configuration > AP Group page., but in config, i dont have wireless page..

     

    I guess it's another version of instant or maybe a separate product ..

     

    Thanks for your help.



  • 7.  RE: assign vlan depending on which AP you connect. (without radius server)

    Posted Apr 22, 2016 04:19 PM
    AP groups function exist on the AOS controllers

    The other option will be to create multiple IAPs clusters and each will assign the data VLAN and use layer 3 mobility between the clusters.



    Sent from Outlook for iPhone