Wireless Access

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

perhaps you can double check your VLAN assignment rules and ensure the AP names are are all correctly configured. 

For your testing you can choose the AOS10 group configuration and then use Tools->Commands Tab -> Select your APs 

and run this "show clients" command, which should display that IP address for the clients and if they are not getting an IP address it will show 0.0.0.0

This way you can find out if the client is connected to the correct AP or to another

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------

Original Message:
Sent: Mar 21, 2025 11:18 AM
From: bizzy
Subject: Issue using Dynamic VLAN assignment rules

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

------------------------------
Matt D.
------------------------------

Original Message:
Sent: 3/23/2025 2:03:00 AM
From: ariyap
Subject: RE: Issue using Dynamic VLAN assignment rules

perhaps you can double check your VLAN assignment rules and ensure the AP names are are all correctly configured. 

For your testing you can choose the AOS10 group configuration and then use Tools->Commands Tab -> Select your APs 

and run this "show clients" command, which should display that IP address for the clients and if they are not getting an IP address it will show 0.0.0.0

This way you can find out if the client is connected to the correct AP or to another

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.

Original Message:
Sent: Mar 21, 2025 11:18 AM
From: bizzy
Subject: Issue using Dynamic VLAN assignment rules

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

------------------------------
Matt D.
------------------------------

Hi,

Have you tested to configure to send the AP name under SSID, Security Settings, Advanced Settings, Called ID Station Type?

Original Message:
Sent: 3/23/2025 2:03:00 AM
From: ariyap
Subject: RE: Issue using Dynamic VLAN assignment rules

perhaps you can double check your VLAN assignment rules and ensure the AP names are are all correctly configured. 

For your testing you can choose the AOS10 group configuration and then use Tools->Commands Tab -> Select your APs 

and run this "show clients" command, which should display that IP address for the clients and if they are not getting an IP address it will show 0.0.0.0

This way you can find out if the client is connected to the correct AP or to another

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.

Original Message:
Sent: Mar 21, 2025 11:18 AM
From: bizzy
Subject: Issue using Dynamic VLAN assignment rules

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

------------------------------
Matt D.
------------------------------

I have not, as I didn't know this option existed. I will look into it and post my results.

Hi,

Have you tested to configure to send the AP name under SSID, Security Settings, Advanced Settings, Called ID Station Type?

Original Message:
Sent: 3/23/2025 2:03:00 AM
From: ariyap
Subject: RE: Issue using Dynamic VLAN assignment rules

perhaps you can double check your VLAN assignment rules and ensure the AP names are are all correctly configured. 

For your testing you can choose the AOS10 group configuration and then use Tools->Commands Tab -> Select your APs 

and run this "show clients" command, which should display that IP address for the clients and if they are not getting an IP address it will show 0.0.0.0

This way you can find out if the client is connected to the correct AP or to another

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.

Original Message:
Sent: Mar 21, 2025 11:18 AM
From: bizzy
Subject: Issue using Dynamic VLAN assignment rules

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

------------------------------
Matt D.
------------------------------

Note, if these buildings are situated such that roaming is possible from one building to another, this setup likely won't work.  Roaming requires a common VLAN for the client device.

I have not, as I didn't know this option existed. I will look into it and post my results.

Hi,

Have you tested to configure to send the AP name under SSID, Security Settings, Advanced Settings, Called ID Station Type?

Original Message:
Sent: 3/23/2025 2:03:00 AM
From: ariyap
Subject: RE: Issue using Dynamic VLAN assignment rules

perhaps you can double check your VLAN assignment rules and ensure the AP names are are all correctly configured. 

For your testing you can choose the AOS10 group configuration and then use Tools->Commands Tab -> Select your APs 

and run this "show clients" command, which should display that IP address for the clients and if they are not getting an IP address it will show 0.0.0.0

This way you can find out if the client is connected to the correct AP or to another

------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.

Original Message:
Sent: Mar 21, 2025 11:18 AM
From: bizzy
Subject: Issue using Dynamic VLAN assignment rules

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

------------------------------
Matt D.
------------------------------

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

Today I was able to do some further testing and troubleshooting and it appears that the issue is with the fact that the WLAN is setup to use a Captive portal with Aruba's "Cloud Guest". If I change the Security Level from Visitors to Personal removing the Captive Portal I am able to join several devices to that SSID and they get the correct VLAN/IP address from DHCP. Anyone have any ideas on why this would be?

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks

Run "show clients debug" on the AP with a client connected via Cloud Guest, the "VLAN" column should have a value in parentheses explaining how the VLAN was derived for that session.  If Cloud Guest is returning a RADIUS VSA then that is going to be applied before any VLAN assignment rules come into play.

https://arubanetworking.hpe.com/techdocs/aos/aos10/design/vlans/#vlan-assignment-rules

Today I was able to do some further testing and troubleshooting and it appears that the issue is with the fact that the WLAN is setup to use a Captive portal with Aruba's "Cloud Guest". If I change the Security Level from Visitors to Personal removing the Captive Portal I am able to join several devices to that SSID and they get the correct VLAN/IP address from DHCP. Anyone have any ideas on why this would be?

Hello,

A little background is that our organization is switching from Meraki APs to Aruba AP-635's running AOS10 managed via Aruba Central. I'm running into an issue with assigning dynamic VLAN rules which I'm hoping some more experienced users can provide some guidance on.

We have a guest WLAN that is available in all 7 of our buildings. Each building has it's own VLAN ID for the guest network with it's own IP range for each building. I've setup dynamic VLAN assignments rules based on our  AP naming convention which is 'Building Name Room - Asset ID" The rules say if  Access Point name contains "Building Name" assign VLAN ID of the guest network of that building. There's 7 of the rules to cover the 7 buildings.

Initially this seemed to be working as I connected my iPhone to the guest WLAN and received an IP address in the guest network of the building I was in. The issue appeared when I had a few other devices attempt to connect and they weren't getting an IP address at all. I looked at the clients section in Aruba central and could see that they were trying to connect but that it was trying to assign them VLAN ID's of the other buildings not the actual building they were in even though all devices were connecting to an AP with the proper naming convention of the budling.

I tried looking up documentation on how Dynamic VLAN assignment rules operate and best practices and really couldn't find anything. Any ideas why it's assigning the correct VLAN for one device but a different one for another device connected to the same AP?

The only other thing I would like to add that I'm not sure is relevant is that this WLAN has a captive portal that the guest has to acknowledge our network terms before connecting. I like forward to any assistance you can provide me. Thanks