Wireless Access

Reply
Occasional Contributor I
Posts: 6
Registered: ‎04-20-2016

assign vlan depending on which AP you connect. (without radius server)

Hello, first of all I apologize for my English.
 
I have a 10 IAP 215RW ,
And   Aruba Operating System Software ,  Type:    215 ,  Build Time:    2015-05-12 10:54:20 PDT , Version:    6.4.2.6-4.1.1.6_50009


I need to consult , how can i assign Vlan dynamically on a unique SSID which is present on several floors of a building without a Radius Server.

Depending on the floor (or Ap)  as the connection to ssid is made, the user will be assigned a VLAN specified for that floor.

For example, if you are connected to the first floor AP, you will be assigned vlan1
if you are connected to the second floor AP, you will be assigned vlan2 ,and so on


I have tried in the part of VLAN assignment filter by AP-NAME and also with AP-IP, but never applied to me vlan corresponding to the floor
All the Ap that I connect , always assigned me the default vlan.

It is possible VLAN assignment depending on the AP to which the user is connected?

The idea is to have a unique SSID in the building, users move through the floors and depending on the floor is the vlan that takes the user.
 
I leave some screenshots, how I'm trying to do this assignment.
 
Thank you very much for the help and sorry again for my English
 
 
 
aruba1.gif
 
aruba1.gif
MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: assign vlan depending on which AP you connect. (without radius server)

Is this within the same building ? If it is you probably don't want to assign a VLAN per floor because as device roam and signal bleeds across different floors the user experience will not be optimal because of the different VLANs getting assign as the user roams



Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: assign vlan depending on which AP you connect. (without radius server)

What type of encryption/authentication are you using?  If you are using 802.1x attributes like ap-name will be available to trigger rules like you want to use.  If you are just using WPA2-PSK, those attributes are not available and your rules will not trigger.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎04-20-2016

Re: assign vlan depending on which AP you connect. (without radius server)

[ Edited ]

Thanks for the reply.

 

The floors are not continuous. (floor are 2, 7,  13, 22,  and 30.)
I mention Floor 1, 2 and 3 as an example only.

 

The wifi connection uses wpa2 , the wireless network is already configured on all user devices of the company. (Notebooks and cellphones) with that unique  key , which is why I can not change the type of encryption, since users are moving not only on the floors of the building, but also move between different buildings in the city that already they have configured that unique SSID and unique key for all buildings of the company ..


They are approximately 1500 users who already have this key and ssid configured on their devices.

There are about 50 buildings have already set the SSID and key on the APs installed.


There a way to dynamically allocate the Vlan depending ap floor to which they connect with wpa2?
In wich way can i solve this problem without changing the type of encryption?


Thanks a lot, again.

Guru Elite
Posts: 21,007
Registered: ‎03-29-2007

Re: assign vlan depending on which AP you connect. (without radius server)

The formal way to change this is to have 1 ap-group for each floor group that a user would connect to.  You would duplicate the current virtual AP, name it something slightly different and just change the VLAN number for each ap-group.

 

Why you would NOT want to have a separate VLAN for each floor, is that it is inefficient and it creates management overhead:  You would be managing 4 times the subnets for the same amount of users.  An ip address is just the means to deliver traffic to and from a client, and has no real implications beyond that.  If you use a single VLAN, and you add a floor the building, you would just need to add APs for coverage, instead of having to create yet another VLAN in your layer 3 infrastructure.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎04-20-2016

Re: assign vlan depending on which AP you connect. (without radius server)

How do I create AP-groups? I can not find the option in the web of instant and the console ssh command does not recognize the command...

 

aruba3.gif

 

 the web said, that in web gui i have to Navigate to the Configuration > Wireless>AP Configuration > AP Group page., but in config, i dont have wireless page..

 

I guess it's another version of instant or maybe a separate product ..

 

Thanks for your help.

MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: assign vlan depending on which AP you connect. (without radius server)

AP groups function exist on the AOS controllers

The other option will be to create multiple IAPs clusters and each will assign the data VLAN and use layer 3 mobility between the clusters.



Sent from Outlook for iPhone
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: