Hello FlorianBaaske and team,
After putting this to the side and clearing my head I think FlorianBaaske last comment is "right on". It appears that the currently used controllers do not have an assigned VLan for the DMZ(See screen shot).
My manager beleives that we can just assign an IP address to an available interface on the Aruba Controller; but, everything that I have been research suggests that we need to:
1. Create DHCP Pool with specific IP address scheme.
a. Beginning and ending to ID Scheme.
b. Set an exlude IP address that will eventually be assigned to a Vlan.
2. Crete a VLAN for the DMZ and assign it an IP address that is avalable on the DMZ.
3. Create a seperate VLANs for each DHCP Pool.
a. 192.168.XXX.XXX - DHCP1 GUEST
b. 192.168.XXX.XX - DHCP2 BYOD
c. Assign an IP address that is within the specific DHCP Scope and also excluded from DHCP Address range.
4. Then I will need to create static routes on the Aruba Controller for each Guest Access IP subnet.
a. According to prevoius comments and according to: https://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-to-assign-DHCP-Pool-to-VLAN/td-p/8117
b. The controller will be able to route traffic to the wireless clients try to access the DHCP Pools.
c. Route IP address for GUEST (IP DHCP Scheme) to DMZ Gateway (not the IP assgned ot the DMZ VLan).
d. Same routing rule for BYOD (Look at IP route pic).
5. The rest of the Corprorate VLans can use the normal controller's Gateway, to route the traffci to the respected VLAN.
Can someone comment or verify if my plan above is correct?
Also can anyone mention what the 'Hosts' field is representing and why there is a minimum of 4 required? I am not sure if anyone answered that before.
In a related but separate question: Can anyone explain to me how we can have 1 group of MAC Addresses to Authenticate to a Specific WLAN; but, not to be accepted to another SSID that also uses MAC authentication as well? Or is there no way to associate a MAC address user account to 1 specific VLAN (Perhaps by delimeter)?