Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Is it possible to link multiple VLANsin to SINGLE SSID?

This thread has been viewed 22 times

  • 1.  Is it possible to link multiple VLANsin to SINGLE SSID?

    Posted Jun 26, 2016 06:09 AM

    Hi,

     

       I have an existing AD and wired infra with VLANs, i wonder if it's possible to link multiple VLANs into single  SSID thru IAP?

     

    your suggestions will be greatly appreciated.

     

    Thank you in advance



  • 2.  RE: Is it possible to link multiple VLANsin to SINGLE SSID?

    EMPLOYEE


  • 3.  RE: Is it possible to link multiple VLANsin to SINGLE SSID?

    Posted Jun 29, 2016 01:22 AM

    Thank you for the response Sir,

     

        but what if the authentication of those VLANs will be dependent on AD ? perhaps I need ACPM on this.

     

    what could be the recommended configuration flow on this?

     

    thank you very much for your prompt response



  • 4.  RE: Is it possible to link multiple VLANsin to SINGLE SSID?

    EMPLOYEE
    Posted Jun 29, 2016 05:49 AM

    What are you trying to do?  That will determine what you need to configure.



  • 5.  RE: Is it possible to link multiple VLANsin to SINGLE SSID?

    Posted Jun 29, 2016 05:58 AM

     a demo scenario, where in employees from different networks/department/VLAN have credentials on AD and they are trying to implement corporate wireless mobility thru a single SSID.

     

    I've been thinking if I need the following components and how to implement it

    a.2 IAPs (IAP-215)

    b.MS AD 2008

    c. Clearpass Policy Manager(?)

     

    Thank you so much for your prompt response :)



  • 6.  RE: Is it possible to link multiple VLANsin to SINGLE SSID?
    Best Answer

    EMPLOYEE
    Posted Jun 29, 2016 06:09 AM

    - A 802.1x SSID has a default or set vlan that user end up in when they authenticate successfully.  That is set in the SSID configuration.  The Instant AP needs to be on a trunk that has that VLAN tagged.

    - Optionally the radius server that authenticates them can send back an attribute, Aruba-User-Vlan, that will give them an alternate VLAN.  When the optional VLAN is sent back the Instant AP needs to have a trunk that corresponds to that VLAN.

    - The Aruba-User-Vlan attribute can be sent back using NPS with modification or you can use ClearPass, that has the capability already built in.

    - First get 802.1x working with your clients on NPS.  Then, make sure you have trunking working between your switch and IAP, by changing the VLAN in the SSID.  Lastly, configure NPS to send back a different Aruba-User-Vlan attribute with radius responses to see if that is working.

     

    Please see the post here: http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Setup-Dynamic-Vlans/m-p/91788#M2542 to see how to return a vlan attribute using NPS.

     



  • 7.  RE: Is it possible to link multiple VLANsin to SINGLE SSID?

    Posted Jun 29, 2016 06:31 AM

    whoa! will surely simulate this advice once I get back to my LAB!

     

    Thank you very much on this, will keep you updated on this! :D