Wireless Access

Reply
Contributor II

ArubaOS 8.x multi Location SSID with different VLANs

Hi all

 

I setup my frist ArubaOS 8.x MC. Our customer has multiple location which are all connected together (VPN or Layer2 ISP Connections).

Each location has a own Subnetz with own VLAN-ID. There is one Controller on HQ which manage all locations (often is only one 3-4 APs per location).

The employee's need to connect on all locations with the same Wifi credentials. 

 

How can I switch the VLAN based on the location which the user are connecting?

 

Thanks in advanced.

Aruba Employee

Re: ArubaOS 8.x multi Location SSID with different VLANs

Hi,

 

I assume you will do bridging of client traffic - right?

what do you mean by "The employee's need to connect on all locations with the same Wifi credentials."? 

Are they using EAP-PEAP Authentication? 
Than you are able to use Radius data to push them into the needed VLAN.

Go to Authentication - Server Group - Server Rules and set a new rule based on Aruba-AP-IP-Address as an example. As Action you will det the VLAN

Location-VLAN.PNG

Contributor II

Re: ArubaOS 8.x multi Location SSID with different VLANs

Thank you very much.

That was the solution. In didn't search in the "Auth Server" Tab. ;)

Occasional Contributor II

Re: ArubaOS 8.x multi Location SSID with different VLANs

I have the same scenario with way more than 3-4 APs at each location.  I'm hoping to use your solution, but use some sort of "begins with" as it would be too inneficient to put in every single AP address.  Further thoughts?

New Contributor

Re: ArubaOS 8.x multi Location SSID with different VLANs

Similar challenge here. In AOS 6.x we have VLAN pools for different locations for the same SSID. Using the server rule approach with, for example, Aruba-AP-Group starts with "XX-", I can map to only a single VLAN, not a VLAN pool. Converting these pools to a single VLAN is going to be a lot of work, as we have many client devices with fixed IP addresses that would have to be changed. Looking for a better solution.

Re: ArubaOS 8.x multi Location SSID with different VLANs

If you're doing EAP-PEAP to ClearPass, you could return the VLAN ID or Name I believe and let CPPM do the logic for you as to what to return. It can use BEGINS_WITH  for AP IP or AP Name or even AP Group probably. 

 

I'm not sure about AOS 8, but I know in AOS 6 regardless of the VLAN set in the VAP, if one is returned by CPPM, that one is used instead - even without the server rules configured. We have this configured at a site right now and it's been working for years.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Aruba Employee

Re: ArubaOS 8.x multi Location SSID with different VLANs


@mharing wrote:

I'm not sure about AOS 8, but I know in AOS 6 regardless of the VLAN set in the VAP, if one is returned by CPPM, that one is used instead - even without the server rules configured. We have this configured at a site right now and it's been working for years.


When the Aruba VSAs are used, that is correct. It using other attributes such as filter-id to signal VLAN, then server rules would be needed.


Charlie Clemmer
Aruba Customer Engineering
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: