Wireless Access

Reply
Highlighted
Occasional Contributor II

Multiple VLANs in one Port

Hi Guys!

 

I have a project about assigning a VLAN in an SSID. I already know this process but a little, but confused in the back end part. In our office, we have 6 departments and we need to deploy 1 SSID per department so it'll be 6 SSIDs. I need to assign the same VLAN that they have in their LAN Ports through WIFI, so in case of an emergency that their LAN ports are not working, they'll be connected to the WIFI. Since our Aruba instant allows me to assign a VLAN in an SSID so it is possible to fetch those VLANs from our Switch. Are there any specific steps that I need to do to assign 6 VLANs in one port (which our AP is connected to)? Our AP is connected to a LAN Port. 

 

THANK YOU.

MVP Guru

Re: Multiple VLANs in one Port

Your switch port would need to be configured as a trunk and allow the required VLANs. Your native VLAN would be used for the IAP Management VLAN and the client VLAN's would be a tagged VLAN.


Are you intending on broadcasting 6 SSID's from a single IAP? This is not recommended due to the increased overhead and will reduce performance. You can configure various options to assigned a VLAN based on a client or authentication server attribute. So this means all users would share the same (1x SSID) SSID whilst in a different VLAN.

 

You can use GVRP or MVRP to push VLANs down to the switch from the IAP.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Multiple VLANs in one Port

Hi!

 

It's great that you tell me what will be the risk of taking this step. Can you please elaborate to me the alternative process that you suggested?

 

"You can configure various options to assign a VLAN based on a client or authentication server attribute. So this means all users would share the same (1x SSID) SSID whilst in a different VLAN.

 

You can use GVRP or MVRP to push VLANs down to the switch from the IAP."

 

Also, can you walk me through or give me some steps to do this so I can study it well as preparation for my project?

 

Thank you!

MVP Guru

Re: Multiple VLANs in one Port

The first part we'd need to understand is how do your users authentication to the SSID? Is there a context aware authentication server such as ClearPass or RADIUS? The part you will need to understand is detailed under the Derivation Rules located in the User Guide. This will allow you return a User Role or VLAN based on a RADIUS attribute.

 

If you are using PSK, there is the method below but this can be a large management task depending on the amount of MACs in use. You can specify the VLAN within the assigned User Role.

 

https://community.arubanetworks.com/t5/Controller-less-WLANs/Role-derivation-based-on-MAC-address-for-Open-or-PSK-based-SSID/ta-p/234830


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Multiple VLANs in one Port

Usually, they are authenticated as employees and currently, we are using the MAC Filtering.

MVP Guru

Re: Multiple VLANs in one Port

So, is the SSID authentication Open, WPA2-PSK, or Enterprise with MAC auth layered as well?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Multiple VLANs in one Port

We use the WPA-2 Personal with mac authentication and pass phrase

MVP Guru

Re: Multiple VLANs in one Port

Okay, in that case then you will need to use the example previously
supplied.

Cheers,
Craig

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Multiple VLANs in one Port

To be clear, the Role Derivation?

MVP Guru

Re: Multiple VLANs in one Port

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: