Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

What is a named VLAN and how do I configure it? 

Jul 05, 2014 11:17 AM

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.4 and later.

A network administrator can name a VLAN to associate an intuitive name to a VLAN or VLAN pool. VLAN names are global, but VLAN IDs are local to the controller. That means that VLAN names must be configured from the master controller, but VLAN IDs are local to the controller. The network administrator configures a name on the master and maps the VLANs on the local controller to that name. After VLAN names are globally configured (on the master) and mapped (on the local), the names are converted to VLAN number or VLAN pool as applicable.

VLAN names can be used for many things.



VLAN Name Configuration Single VLAN VLAN Pool
Virtual AP profile Yes Yes
User derivation rule Yes No
Server derivation rule Yes No
User role Yes No
Wired AP profile    
- Access VLAN Yes No
- Trunk Native VLAN Yes No
- Trunk Allowed VLAN Yes Yes




To configure named VLANs, follow these steps:

1) Configure the named VLAN on the master controller.

Named VLAN can be configured from master switch using 'vlan-name <named-vlan> pool'. The 'pool' option is used when you configure a 'named-vlan pool'.

(SDM3-332x) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(SDM3-332x) (config) #vlan-name l-user
(SDM3-332x) (config) #vlan-name l-user-pool pool
(SDM3-332x) (config) #end
(SDM3-332x) #show vlan mapping

Vlan Mapping Table
------------------
VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled
l-user-pool Enabled

(SDM3-332x) #

2) Map VLANs to vlan-name on the master controller by issuing the following commands:

(SDM3-332x) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(SDM3-332x) (config) #vlan l-user 32
(SDM3-332x) (config) #vlan l-user-pool 201-204
(SDM3-332x) (config) #end
(SDM3-332x) #show vlan mapping

Vlan Mapping Table
------------------
VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled 32
l-user-pool Enabled 201-204

(SDM3-332x) #

3) Map VLANs to vlan-name on the local controller by issuing the following commands:

(SD36H) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(SD36H) (config) #vlan l-user 11
(SD36H) (config) #vlan l-user-pool 38,101-104,120-122
(SD36H) (config) #end
(SD36H) #show vlan mapping

Vlan Mapping Table
------------------
VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled 11
l-user-pool Enabled 38,101-104,120-122

(SD36H) #


VLAN mapping can be modified on either master or local by issuing the 'vlan <vlan-name> <vlan#>' command.

Example:

VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled 11
l-user-pool Enabled 38,101-104
(SD36H) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(SD36H) (config) #vlan l-user 36
(SD36H) (config) #vlan l-user-pool 38,101-104,120-122
(SD36H) (config) #show vlan mapping

Vlan Mapping Table
------------------
VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled 36
l-user-pool Enabled 38,101-104,120-122

(SD36H) (config) #


Named VLANs can be deleted from the master controller by issuing the 'no vlan-name <named_vlan>' command.

Example:

(SDM3-332x) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(SDM3-332x) (config) #no vlan-name l-user
(SDM3-332x) (config) #no vlan-name l-user-pool
(SDM3-332x) (config) #end
(SDM3-332x) #



WebUI Configuration
Browse to Configuration > VLANs and select VLAN Pool. Add a new named VLAN or modify an existing one here.

 

1.jpg

 

Configuring a VLAN for Virtual AP

A named VLAN can be configured for a virtual AP just like a regular VLAN by using the 'vlan <vlan # / vlan-name>' command. The same VLAN name will be pushed to the local controller, but the local concentrator will have a different VLAN map for that named VLAN.

Example:

(SDM3-332x) # config terminal
(SDM3-332x) (config) #wlan virtual-ap my-virtual-ap
(SDM3-332x) (Virtual AP profile "my-virtual-ap") #vlan l-user

Or, if you need to configure pool, use named-pool.

(SDM3-332x) (Virtual AP profile "my-virtual-ap") #vlan l-user-pool

(SDM3-332x) # show vlan mapping

Vlan Mapping Table
------------------
VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled 32
l-user-pool Enabled 201-204

Local switch--------------------

(SD36H) # show vlan mapping

Vlan Mapping Table
------------------
VLAN Name Pool Status VLAN IDs
--------- ----------- --------
l-user Disabled 11
l-user-pool Enabled 38,101-104,120-122


Configuring User Derivation Rule Using named-vlan

Named VLANs can also be used when configuring 'user derivation rules' as shown here.

(SDM3-332x) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(SDM3-332x) (config) #aaa derivation-rules user my-user-rule
(SDM3-332x) (user-rule) #set vlan condition essid equals myessid set-value l-user
(SDM3-332x) (user-rule) #end

(SDM3-332x) #show aaa derivation-rules user my-user-rule

User Rule Table
---------------
Priority Attribute Operation Operand Action Value Total Hits New Hits
-------- --------- --------- ------- ------ ----- ---------- --------
1 essid equals myessid set vlan l-user 0 0

Rule Entries: 1

This configuration is pushed down to local switch.

(SD36H) #show aaa derivation-rules user my-user-rule

User Rule Table
---------------
Priority Attribute Operation Operand Action Value Total Hits New Hits
-------- --------- --------- ------- ------ ----- ---------- --------
1 essid equals myessid set vlan l-user 0 0

Rule Entries: 1



WebUI Configuration
Browse to Configuration > Security > Authentication and click the User Rules tab. Add a new rule, select the set vlan option, and select named-vlan.

 

2.jpg

 

Server Derivation Rules

Server derivation rules can also use named VLANs.

CLI Example:

(SDM3-332x) (config) #aaa server-group my-server-grp

(SDM3-332x) (Server Group "my-server-grp") #set vlan condition filter-id equals my-filter-id set-value l-user

(SDM3-332x) (Server Group "my-server-grp") # end


WebUI Configuration
Browse to Configuration > Authentication and click the Servers tab. Select the server group that needs to be modified, select the set vlan option, and you will see "name vlans" listed under Value.

 

3.jpg

 

Server Derivation Rules

Server derivation rules can also use named VLANs.

CLI Example:

(SDM3-332x) (config) #aaa server-group my-server-grp

(SDM3-332x) (Server Group "my-server-grp") #set vlan condition filter-id equals my-filter-id set-value l-user

(SDM3-332x) (Server Group "my-server-grp") # end


WebUI Configuration
Browse to Configuration > Authentication and click the Servers tab. Select the server group that needs to be modified, select the set vlan option, and you will see "name vlans" listed under Value.

 

4.jpg

 

 

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.