Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

VLAN tagging on AP or another solution

  • 1.  VLAN tagging on AP or another solution

    Posted Feb 26, 2020 02:12 PM

    Hi all, I have been reading some post about VLAN tagging on APs where according to replies there is no point to do it.


    Well, I have a really urgent need to tag on the AP. These is my problem:


    I have an Aruba 7210. So far we have a really big network where the Aruba controller can see the users VLANs, which means one interface on the controller is trunked with the users VLANs. But now, we need to move the controller to a place where there is no way for the controller to reach those VLANs on the interface. What can I do? I'm trying to tag the AP like I have done with other controller (Cisco, HP, H3C) but without success.

  • 2.  RE: VLAN tagging on AP or another solution

    Posted Feb 27, 2020 04:58 AM

    In the controller based architecture, the controller should be placed in a location where the user VLANs are available.


    Bridging traffic direct out from the AP is deprecated, and unsupported if there are more than 32 APs in a L3 subnet.


    Please work with your Aruba partner, VAD or local Aruba team to get to a proper design.

  • 3.  RE: VLAN tagging on AP or another solution

    Posted Apr 10, 2020 10:47 AM

    Technically we are using AP bridging at some locations due to the subnet size when the WLAN was deployed for clients, we could not support all users. 


    To do this, i configured the ap wired port as a trunk with all local user VLANs allowed and the native VLAN was the one I used for my AP to get an IP on. On the switch side, the same configuration - trunk with native VLAN as the AP VLAN. 


    This has been working for some time now, though you do lose a lot of functionality with bridge vs. tunneled mode. I HIGHLY recommend using tunneled mode, as it makes troubleshooting significantly easier with remote pcaps, as well as the stateful firewall and user-roles are very helpful to take advantage of.