Do you have VLAN11 added/configured on the router as well?
With controller WLAN in tunneled mode (default & recommended mode), the VLAN11 should only be needed on the controller. Switches and APs don't need to be aware of that new VLAN, except of course the switch between the router and the controller (if there is a switch in between, which is not written in the diagram).
Is the router the 'default gateway' for both VLAN 5&11 (recommended to leave controller 'layer-2'; and not do routing on the controller)?
If not, in which VLAN is the router? And do you have a proper route (and NAT) setup on the router?
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/
for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Sent: Aug 08, 2022 03:56 AM
From: Patryk Krysik
Subject: Controller 7030, 2 wlans, 2 vlans, 1 ISP.
I have a 7030 aruba controller in 3 different locations, all of them in the same network (let's say VLAN5= 192.168.5.0/24). For about 3 years I had a single WLAN on all of them, everything worked as expected. Now I need to create second WLAN that carries traffic for another VLAN (VLAN11 = 192.168.11.0/24). What should be my approach in cofiguring devices? For switches I use either Aruba 1930 or HPE 1920S. Access points- mostly 305s. You can see the attached .png to understand it better. I created 2nd WLAN on the controller that is a part of 2nd VLAN and configured ports on the controller to be in TRUNK mode that allows every VLAN. When I add static IP on my tablet connected to 2nd WLAN/VLAN I am able to connect to controller using 2nd VLAN address (192.168.11.20) but I have no internet access. My router is configured correctly- access port that connects to my controller is in both VLANs. I didn't configure anything on switches, maybe that's the problem- should I configure ports connected to controller as trunks and ports connected to APs as tagged?