Wireless Access

We have a model 3200 controller that was configured only for our user vlan. We need to make it aware of other vlans to seperate out guest access. How can we get this done?

That depends... it's kind of a broad question.

The short answer is you just define the VLAN based on SSID, login method, etc.

The longer answer is more involved...

If you've got it plugged into a L3 switch you could set up a trunk connection to it and have an external DHCP server hand out your addresses.. 

If you don't have a L3 switch you can define VLANs on the controller, setup DHCP on the controller, and NAT out a set of addresses...

In any case you need to define the VLAN(s) on the controller and define how they are applied.

I've used both of these methods, as I have campuses with and with a L3 switch.

They do not have a L3 switch. That would be nice. I tried adding a vlan to the controller to test it but when I applied the change the controller went offline and I had to reboot it to get the old config back. 

Yeah - I think that can happen if the controller's VLAN ID is switched over to your new VLAN.

I'm assuming by "the controller went offline" you mean that you couldn't bring up the web interface or ping it. Is this the case?

I can't remember for sure, but I think its controlled by the IP Default gateway though the CLI. Make sure that's config'ed right.

---

@praetorrian wrote:

They do not have a L3 switch. That would be nice. I tried adding a vlan to the controller to test it but when I applied the change the controller went offline and I had to reboot it to get the old config back. 

---

Let us pretend that the user does not have any infrastructure and does not want to create any more:  you want to create  guest network in a box.  You can create a VLAN that only exists on the controller, have the controller do DHCP for it and do 'ip nat inside' on the VLAN to source-nat the traffic out of the ip address of the controller.  Let's do the first part via the commandline:

config t

vlan 1000

interface vlan 1000

ip address 1.1.1.1 255.255.255.0

ip nat inside

exit

service dhcp

ip dhcp pool guest

network 1.1.1.0 255.255.255.0

default-gateway 1.1.1.1

dns-server 8.8.8.8

exit

ip cp-rediect-address 1.1.1.1

Now the GUI part:

After you have created this, if you have already created a guest network, go into the Virtual AP for that existing guest network and assign the VLAN parameter to VLAN 1000 using the GUI.  If you have NOT already created a guest network, use the WLAN/LAN Wizard in Configuration > WLAN/LAN Wizard to create a guest network and tie it to VLAN 1000 that we just created.

Let us know how you do.

I do not have access to the cli just the gui. I have a dhcp scope setup in the controller and I have a vlan created that isnt assign to a port on the controller. How can I use these to do the same thing? Sorry I'm a noob to Aruba and I'm trying to learn on the go.

Since I rarley use the GUI for creating this here is my best try, I believe that I got it all.