I have a project about assigning a VLAN in an SSID. I already know this process but a little, but confused in the back end part. In our office, we have 6 departments and we need to deploy 1 SSID per department so it'll be 6 SSIDs. I need to assign the same VLAN that they have in their LAN Ports through WIFI, so in case of an emergency that their LAN ports are not working, they'll be connected to the WIFI. Since our Aruba instant allows me to assign a VLAN in an SSID so it is possible to fetch those VLANs from our Switch. Are there any specific steps that I need to do to assign 6 VLANs in one port (which our AP is connected to)? Our AP is connected to a LAN Port.
Your switch port would need to be configured as a trunk and allow the required VLANs. Your native VLAN would be used for the IAP Management VLAN and the client VLAN's would be a tagged VLAN.
Are you intending on broadcasting 6 SSID's from a single IAP? This is not recommended due to the increased overhead and will reduce performance. You can configure various options to assigned a VLAN based on a client or authentication server attribute. So this means all users would share the same (1x SSID) SSID whilst in a different VLAN.
You can use GVRP or MVRP to push VLANs down to the switch from the IAP.
It's great that you tell me what will be the risk of taking this step. Can you please elaborate to me the alternative process that you suggested?
"You can configure various options to assign a VLAN based on a client or authentication server attribute. So this means all users would share the same (1x SSID) SSID whilst in a different VLAN.
You can use GVRP or MVRP to push VLANs down to the switch from the IAP."
Also, can you walk me through or give me some steps to do this so I can study it well as preparation for my project?
The first part we'd need to understand is how do your users authentication to the SSID? Is there a context aware authentication server such as ClearPass or RADIUS? The part you will need to understand is detailed under the Derivation Rules located in the User Guide. This will allow you return a User Role or VLAN based on a RADIUS attribute.
If you are using PSK, there is the method below but this can be a large management task depending on the amount of MACs in use. You can specify the VLAN within the assigned User Role.
Usually, they are authenticated as employees and currently, we are using the MAC Filtering.
So, is the SSID authentication Open, WPA2-PSK, or Enterprise with MAC auth layered as well?
We use the WPA-2 Personal with mac authentication and pass phrase
To be clear, the Role Derivation?
This one for PSK.
Will this process allow the employees to connect to the SSID with the same vlan(policy) that they have in their lan ports?
So after doing the configuration with my switch, I'll do this one? How would I know that the user must be connected to their corresponding vlans?
So I'll specify their Mac addresses so the IAP will know to which VLAN they'll be assigned? Is that correct? Same SSID but different VLANs
Here. How will I assign this role that I created to one of our VLANs?
Where can I find that User Role? I'm a bit lost LOL. Are there any steps to specifically assign a VLAN to a User Role?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.