Security

Hi,

I'm trying to figure out if it's possible to assign wireless clients to a a specific vlan based on the SSID they're using to connect.

We have a network that's split up into several VLAN's. For example, we have vlan10 for backoffice end devices, vlan30 for production devices, vlan40 for printers, etc ... 

There isn't a segregation between clients based on ap's. So on AP01 there are clients that should go in vlan 30 and 40. On AP02 there are clients that belong in vlan's 10 and 40 and so forth.

The access points themselves reside in VLAN50 (configured on the PoE switches they're connected to). 

The VLAN's are configured in the  Network > VLAN ID section. I've made a test SSID, attached it to an AP group and set a VLAN on it. However, when I connect a client to this SSID it get's and IP from VLAN50 instead of the VLAN configured in

Configuration > AP Group > Edit "APGROUP. What am I missing to make this work? 

There's one port on the Aruba controller connected to my backbone switch. This port is configured to be a trunk port on both ends and I can ping all vlan's from the Mobility controller.

Make sure the AP has been provisioned to the correct AP Group.

You can check the VLAN settings for the SSID in the Configuration - AP Configuration - Edit the AP Group - Wireless LAN - Virtual AP: Does your SSID have the correct VLAN assigned to it?

Also make sure that your user roles do not have VLAN's assigned (it will overwrite the default one)

You have the option to set a default VLAN per Virtual AP.  This would assign everyone to that VLAN.  You can then override this in various ways if you need to.   If the VLANs are on the core network, then so long as the port is trunked and the VLANs allowed, then you should be able to use them.

1) Server derived rules when using an 802.1X authenticated network and RADIUS server

2) User derived rules (any type of network)

3) VLAN assignment within a user role

Each has different methods of setup.