Contributor I

IAP tunneled SSID ( Centralized,L2 ) and multiple Vlans

Can't find any info regarding this.

I have an SSID (RADIUS auth) and I want to send its traffic from the IAP to a remote controller via a GRE tunnel.

I know how to do this with an "ip dhcp" group bound to the same VLAN in the SSID.

But if I want the VLAN to be sent via a RADIUS attribute and have different clients with different VLANs in the same SSID (and tunneled), how can I do this?

Note: Gonna try to create multiple "ip dhcp" profiles and put multiple VLANs on the SSID and try it, but an answer from a "guru" would be appreciated.

Re: IAP tunneled SSID ( Centralized,L2 ) and multiple Vlans

I don't believe IAP currently supports multiple VLANs inside the GRE tunnel used with IAP-VPN.

In this scenario, RADIUS can be used to have clients placed into different roles (and therefore different firewall policies), but the VLAN would be the same for all users placed into the tunnel.


Charlie Clemmer
Aruba Customer Engineering
Contributor I

Re: IAP tunneled SSID ( Centralized,L2 ) and multiple Vlans

Thanks for the reply, Charlie,

But I have made some tests and it seems to work :)

I have this config:

 

wlan ssid-profile TESTE
 type employee
 essid TESTE
 opmode wpa2-aes
 max-authentication-failures 0
 vlan A
 auth-server RADIUS_TESTE

ip dhcp TESTE
 server-type Centralized,L2
 server-vlan X
 disable-split-tunnel

ip dhcp TESTE-Iot
 server-type Centralized,L2
 server-vlan Y
 disable-split-tunnel

 

And what I am seeing is that if the VLAN the RADIUS sends when a client is authenticated in that SSID matches the VLAN on the "ip dhcp" config, it will be tagged with that VLAN and sent via the tunnel (and I can connect to stuff via it).

I will do more tests, but if someone from Aruba could also test it and tell me if it is a recommended config, that would be nice (I need to deploy this in production quickly).

Regards,

Vass

 

Super Contributor II

Re: IAP tunneled SSID ( Centralized,L2 ) and multiple Vlans

Hi!

Yes, this works. You have a limitation of 6 "DHCP configs", so a maximum of 6 VLANs can be tunneled. I'm not from Aruba, but I don't see any issue deploying this kind of config into production.

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba Partner Ambassador
Aruba: ACMX #537 ACCP ACDP | CWNP: CWNE #306
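
A pre-deployment check for the setup discussed in this thread, as an added example that is not from any of the posters or from Aruba: it lists the VLANs that have a Centralized,L2 "ip dhcp" profile and reports RADIUS-assigned VLANs that have none. The VLAN IDs, the function names and the indented config layout are assumptions; the limit of 6 is the figure stated in the thread.

```python
import re

# Constructed sample in the layout posted in the thread; VLAN IDs 20 and 30
# are made-up stand-ins for the thread's placeholders X and Y.
SAMPLE_CONFIG = """\
wlan ssid-profile TESTE
 type employee
 essid TESTE
 opmode wpa2-aes
 auth-server RADIUS_TESTE
ip dhcp TESTE
 server-type Centralized,L2
 server-vlan 20
 disable-split-tunnel
ip dhcp TESTE-Iot
 server-type Centralized,L2
 server-vlan 30
 disable-split-tunnel
"""

MAX_TUNNELED_VLANS = 6  # limit as stated in the thread, not verified here


def tunneled_vlans(config):
    """Map server-vlan -> profile name for every Centralized,L2 "ip dhcp" block."""
    vlans, name, block = {}, None, {}

    def flush():
        if name and block.get("server-type") == "Centralized,L2" and "server-vlan" in block:
            vlans[int(block["server-vlan"])] = name

    for line in config.splitlines():
        if line and not line[0].isspace():   # an unindented line starts a new block
            flush()
            m = re.match(r"ip dhcp (\S+)$", line.strip())
            name, block = (m.group(1) if m else None), {}
        elif name and line.strip():          # sub-command inside an "ip dhcp" block
            key, _, value = line.strip().partition(" ")
            block[key] = value
    flush()
    return vlans


def audit(config, radius_vlans):
    """Return (RADIUS VLANs with no matching profile, True if over the stated limit)."""
    vlans = tunneled_vlans(config)
    missing = sorted(set(radius_vlans) - set(vlans))
    return missing, len(vlans) > MAX_TUNNELED_VLANS
```

Feed `audit` the saved IAP configuration and the list of VLAN IDs your RADIUS policies can return; any VLAN in the first element of the result has no matching "ip dhcp" profile and should be reviewed before rollout.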