Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IAP 105 Multiple vLAN Setup Help

This thread has been viewed 4 times

  • 1.  IAP 105 Multiple vLAN Setup Help

    Posted Dec 09, 2016 09:04 AM

    We have two networks (ssid's) across 8 AP's in our cluster. We want wireless network 1 to be in vlan30 and wireless network 2 to be in vlan40. We also use a network based dhcp server at the router for each virtual interface/gw. Do we need each switchport to be a trunk port allowing both vlans, or does just the switchport connected to the virtual controller AP need to be a trunk port allowing these vlans? Also, does each wireless network (ssid) need to have a static vlan id set?



  • 2.  RE: IAP 105 Multiple vLAN Setup Help

    EMPLOYEE
    Posted Dec 09, 2016 09:12 AM
    You just need to have a trunk with those two clans allowed. By default the untagged vlan is the IAP management vlan. When you setup your SSID, you need to enter a static vlan. Traffic from users that attach to an ssid is tagged out the AP Ethernet port with the static vlan specified. It is up to your switch to correctly handle the tagged traffic from each AP.


  • 3.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 09, 2016 09:34 AM

    I peformed the follwoing config. and it failed:

    1. Configured ssid/network 1 with static vlan id 30
    2. Configured ssid/network 2 with static vlan id 40
    3. Configured corresponding cisco switch ports connected to each AP as trunk ports allowing vlan 30, 40
    4. Configured cisco switchport connected to router as trunk allowing vlan 30, 40
    5. Rebooted AP's

    The above steps caused the clients to hang at obtaining ip from router acting as dhcp.

     

    I reverted ssid/network 1 back to default vlan id tagging and rolled back corresponding AP cisco switch ports to access ports allowing only vlan 30. This restored ssid/network 1, but ssid/network 2 on vlan 40 is still down. 

     

    How do I get both ssid/network 1 & 2 working?



  • 4.  RE: IAP 105 Multiple vLAN Setup Help

    EMPLOYEE
    Posted Dec 09, 2016 09:40 AM

    Vlans 30 and 40 must be one of the tagged VLANs on that switch.  Neither can be the default (untagged) vlan.  The switch must also be optionall trunked to a layer 3 switch which does the routing for those vlans, OR that switch must be a layer 3 switch with helper addresses on the vlan 30 and vlan 40 interface pointing to the correct dhcp server.



  • 5.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 09, 2016 09:50 AM

    If you read my last reply, that is how I have it configured. Please re-read my last post.

     

    Just to further clarify, both ssid/networks are statically tagged as vlan 30 and 40 respectively on Aruba. The cisco switch ports connected to the AP's are set to trunk and allow those to vlans. The router is obviously layer 3 and has two virtual sub-interfaces for each vlan to perform routing.

     

    This did not work.

     

    Again, do all AP's need to be connected to switch trunk ports, or just the virtual controller AP?



  • 6.  RE: IAP 105 Multiple vLAN Setup Help

    EMPLOYEE
    Posted Dec 09, 2016 10:10 AM

    All of the APs.

     

    I just repeated what should be configured because I did not want to leave anything to chance.  It should work.  Start with a network that works (open SSID, vlan 1) and then change the static VLAN to narrow down your issue.



  • 7.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 16, 2016 11:40 AM

    I have configured the two wireless networks/SSID's for static vlan 30 and 40 respectively. Then I configured the attached Cisco switchports as trunk ports. Next I configured two switchports as trunk to separate router sub-interfaces for each vlan respectively.

     

    As a result, the wireless network for vlan 30 works on across all Aruba IAP's. But the wireless network for vlan 40 only works on two AP's. The remaining AP's cause clients to hangs at obtaining IP address. Both vlan's use the router for DHCP off each sub-interface. ALSO, we can no longer ping, or access the Aruba management web portal from our native vlan 1 network.



  • 8.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 16, 2016 01:03 PM

    Moreover, both wireless networks on vlan 30 and 40 respectively are working for clients off of one of our Cisco layer 2 switches with a router on stick/sub-interface attached. BUT we can no long ping or access the Aruba virtual controller/web portal on any of the AP's.

    Any ideas?



  • 9.  RE: IAP 105 Multiple vLAN Setup Help

    EMPLOYEE
    Posted Dec 16, 2016 09:12 PM
    .


  • 10.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 19, 2016 07:56 AM

    Bump;

    Both wireless networks on vlan 30 and 40 respectively are working for clients off of one of our Cisco layer 2 switches with a router on stick/sub-interface attached. BUT we can no longer ping or access the Aruba virtual controller/web portal on any of the AP's.

    Any ideas?



  • 11.  RE: IAP 105 Multiple vLAN Setup Help
    Best Answer

    EMPLOYEE
    Posted Dec 19, 2016 08:32 AM

    Is the IAP management VLAN on the untagged VLAN?  Did you try accessing it when you are plugged directly into the switch that is plugged into the IAP?  Can you get as close as physically possible to the IAP and try to reach it?  Did you try plugging into the same wired VLAN as the IAP and trying to reach them? 



  • 12.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 19, 2016 10:28 AM

    I only changed the two wireless networks/ssid's to static vlan for vlan 30 and 40 respectively. The Aruba ethernet interface is still default and on the same subnet as the vlan 30 network using network based dhcp.



  • 13.  RE: IAP 105 Multiple vLAN Setup Help

    Posted Dec 19, 2016 11:34 AM

    We changed the AP ethernet management interface to vlan 30 and it resolved our issue.

     

    Thank you!