Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Separate AP VLAN vs IDS

This thread has been viewed 0 times

  • 1.  Separate AP VLAN vs IDS

    Posted Oct 03, 2012 06:04 AM

    Hi!

    I have a question about deploying AP's in separate VLAN.

    VRD_Aruba Mobility Controllers_8.pdf states:

     

    "The other downside to this approach is that AMs become less effective, because they can no longer see user traffic that may be exiting a rogue AP on the wired side of the network."

     

    This customer wants to have AP's in separate VLAN but also requires IDS.

     

    Let's say Office VLAN is 11 and AP VLAN is 12, would it help to put all AP on trunk ports with native VLAN 12 and hearing all other VLANs to retain IDS capability?

     

    Thanks,

            -V.D.



  • 2.  RE: Separate AP VLAN vs IDS
    Best Answer

    EMPLOYEE
    Posted Oct 03, 2012 06:23 AM
    @v.dvorak wrote:

    Hi!

    I have a question about deploying AP's in separate VLAN.

    VRD_Aruba Mobility Controllers_8.pdf states:

     

    "The other downside to this approach is that AMs become less effective, because they can no longer see user traffic that may be exiting a rogue AP on the wired side of the network."

     

    This customer wants to have AP's in separate VLAN but also requires IDS.

     

    Let's say Office VLAN is 11 and AP VLAN is 12, would it help to put all AP on trunk ports with native VLAN 12 and hearing all other VLANs to retain IDS capability?

     

    Thanks,

            -V.D.

    yes

     

     



  • 3.  RE: Separate AP VLAN vs IDS

    Posted Oct 03, 2012 08:09 AM

    OK, thanks!