Wireless Access

Reply
Contributor II

How to setup a guest SSID to distribute DHCP from the local controller

I am confused on now to setup a couple of SSID's to provide DHCP addresses to theire wireless clients?

 

Background:

1.  We have the Controllers setup ans AP's connected. 

2.  I want to create 1 x Guest WLAN that gives out its onwn subnet of priviate IP addresses.

3.  I want to create a Bring Your Own Device (BYOD) SSID for our employee's smartphones and personal devices(tablets, etc.).

4.  My plan to configure these WLAN to dish out IP addresses for the respected clients and to not use the same IP addresses on our corporate side.

I created a question but it gacve very general instructions: Probably need to create a DHCP pool first: MM -> Managed Devices -> Group -> Configuration -> Services - DHCP

 

Now, my questions are:

 

1.  How to associate the DHCP pool with the Guest VLAN? 

         a.  I know how to assign the guest Vlan a static IP address.

 

2.  Or should I configure the DHCP provided by the the Guest VLan another way?

         a.  The DHCP needs to be provided ny the local controller.

Guest Blogger

Re: How to setup a guest SSID to distribute DHCP from the local controller

To use the controller as DHCP server for multiple VLAN's, you have to create multiple DHCP pools on the controller and enable the DHCP service. An example below:

 

service dhcp

 

ip dhcp pool tunnel-node
default-router 10.10.20.1
dns-server 1.1.1.1
network 10.10.20.0 255.255.255.0
authoritative

 

Next you create a VLAN interface for the respective VLAN. Like

 

 

interface vlan 20

   ip address 10.10.20.254 255.255.255.0

   no ip routing

 

Very basic, but this should be the beginning

 

@rene_booches | AMFX #26, ACMX #438, ACCX #725, ACDX #760, CCNP R&S, CEH | Co-owner/Solution Specialist@4IP / blog owner@booches.nl
Contributor II

Re: How to setup a guest SSID to distribute DHCP from the local controller

Ok, 

 

Sounds good; but,

 

Question1:  What settings does the 'Autoritative' description represent?  In the mean time,  will take a look at the existing DHCP Pool settings.

 

Question2:  The respected VLan ... where is the VLan originating from?

    a.  I would think that the controller is the router for this subnet.

    b. So this VLan shold be something that is not in confolict with anything else in the network.  SO VLan-20 or whatever should not be used anywhere else on teh same network.

    c.  Can we discuss the design of question 2 above?

 

Question3:  I have to inquire about the current network just to maek sure; but, I beleive that the internet only data is coming to our DMZ (VLan).  And then the controller is giving out private IP addresses to the clients.

 

I am confused about how to setup Question 3 this way; but, lets focus on quesiton 1-2 until I get clarity on Question 3.

Aruba Employee

Re: How to setup a guest SSID to distribute DHCP from the local controller

Hi Pkafkas,

 

Let me try to help as well :) 

 

Question 1:

'Autoritative' is general DHCP server setting (not Aruba specific) and tells the DHCP server that he is responsible for that specific subnet. Only if you have an Autoritative DHCP server, address assignment is working correctly. 

 

Question 2:

The VLAN ID should be unique in your network. This helps to make it easy in the future. The IP scope should be unique as well. 

The first question you should ask yourself or the customer, should the Controller the default gateway for that VLAN or should the controller only be the DHCP Server? If the controller should be the gateway, make sure, that you configure your routing accordingly. You might either use static routing or dynamic routing with OSPF. 

You can also NAT the network to the egress network IP of the controller. This will remove the need for routing. 

 

If you know, which path to follow, we can help with the configuration needed. 

 

BR

Florian

visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
Contributor II

Re: How to setup a guest SSID to distribute DHCP from the local controller

In our current setup we have 3 SSIDs that give out DHCP.  They are setup similarly, where they send out private IP addresses 

 

It appears that the  controllers are the DHCP server and the Gateway. The attched screen shot is for our Guest access.  It recevies Internet from a DMZ connection.  See screenshot. I havequestions no how the routing is configured, I can only guess at this point until I veirfy.  But I would image that internet only is routed to this WLAN some how and the WLAN Guest clients are receiving the IP address from the controller.

 

 

I need to verify some facts before I can contribute more to this thread.  I am not sure when that wil be.

Contributor II

Re: How to setup a guest SSID to distribute DHCP from the local controller

OK,

 

Here is how our HP controllers are setup.  They are setup very similarly as an HP ProCurve Switch; but, it only has 2 active Ethernet connections on each local controller.

 

- 1 X Access Network (Corporate Network).

- 1 x Internet Port (DMZ Internet Only).

 

The default gateway is the gateway for the DMZ at each site.  There are static routes defined for each IP Scheme that is not defined in the interface.  See Screen shot and anything tht is not defined will get sent to the internet.

 

I think I will need to have:

- IP routing enabled

- 2 x Vlans and an IP addressed to the each

-  Default Gateway defined

- Static routes defined

 

See screenshot

 

Such as:

interface vlan 20<enter>
    ip address XX.XX.XX.XX 255.255.255.0<enter>

 

ip default-gateway XX.XX.XX.XX<enter>

 

The 192.XXX.XXX.0 addresses will need to be routed to Default Route (DMZ).  These are our guest networks that receive DHCP from teh controllers where visitors will need to VPN and use FTP and be using theirown devices (not from our company).

 

My questions are:

 

1.  How to assign the differnt DHCP-Pools (from the Group - MD - level)to the specific WLAN?

 

2.  From the Configuration - Services - DHCP - Services - DHCP section, why is there a minimum of 4 hosts required?  What do the 'hosts' actually represent?

Aruba Employee

Re: How to setup a guest SSID to distribute DHCP from the local controller

Hi Pkafkas,

 

You cannot apply a DHCP scope to WLAN. This is not possible. Instead of applying the DHCP scope to a WLAN, the DHCP scope is automatically applied to VLAN, which is within the definition of the scope network. Let's assume you have the DHCP scope below:

(host) [mynode] (config) #ip dhcp pool floor1
(host) [mynode] (config-submode) #default-router 10.26.1.1
(host) [mynode] (config-submode) #dns-server 192.168.1.10
(host) [mynode] (config-submode) #domain-name floor1.test.com
(host) [mynode] (config-submode) #lease 0 8 0
(host) [mynode] (config-submode) #network 10.26.1.0 255.255.255.0

To use this scope, you need to create a VLAN interface, with an IP address from that scope. You would normally use the default gateway IP, as the controller should be the default gateway for the clients. 

 

I'm not sure, what you mean with your second question. 

 

visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
Contributor II

Re: How to setup a guest SSID to distribute DHCP from the local controller

Hello Florian,

 

It appears that our current WIFI setup is different from what Aruba has designed.  

 

1.  We have all of our guest Wifi SSID's using internet from the DMZ Vlan.  

     a.  BYOD SSID: 192.168.102.0

     b.  Guest SSID: 192.168.103.0

 

2.  Hence, we have different Class - C subnets that are using teh same VLAN.  

 

You are suggesting to assign the DHCP pool to a VLAN.  Can we have more than 1 DHCP pool assigned to the same VLAN? 

 

Can we have the same CLass C Subnets that not routable to each other?

 

How do we assign a DHCP Pool to specific VLan(s)?

Contributor II

Re: How to setup a guest SSID to distribute DHCP from the local controller

Also regarding my hosts question.

 

Please see attachment.

Guru Elite

Re: How to setup a guest SSID to distribute DHCP from the local controller

Question:

 

Did you Wireless LAN Controller before do all of the routing, firewalling and DHCP for your network?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: