Private AP network over vlan on same copper as trusted.
10-03-2018 07:22 AM
I have a question on setting up a private network for my AP's on the same copper as my trusted/guest traffic. The answer is probably obvious but I'm missing it. Here's an example.
Vlan 10 = Trusted Network 10.10.10.0
Vlan 20 = Guest Network 192.168.1.0
Vlan 30 = Aruba network (Private AP network) 192.168.2.0
I set the VLAN to use under the SSID configuration for Trusted and Guest Networks. How do I get the AP's to automatically operate on VLAN 30?
My goal is to use DHCP with Option 60 for automatic deployment.
'm just not sure how to tell the AP's to use the VLAN.
Putting the AP's on a seperate VLAN and private network also alows me to show some level of security greater than the 802.11x when running guest and trusted on the same network as our End user network. I'm just not sure how to tell the AP's to use the VLAN.
Any help is appreciated.
Re: Private AP network over vlan on same copper as trusted.
10-04-2018 10:41 AM
Are your APs running as campus APs (CAPs, controller-based) or Instant (IAPs)?
With Campus APs running in tunneled mode (the default), the copper port connecting to the AP only needs to contain the VLAN that the AP is connected to...in your case VLAN 30. The VLAN break-out for user/SSID traffic happens at the controller.
With IAP, the VLANs get tagged down to the APs, so your VLAN 30 needs to map to the management vlan configured on the cluster. By default, the management VLAN uses the native VLAN, so if your copper ports are configured as trunks with VLAN 30 as untagged, VLANs 10 and 20 as tagged, this should also work.
Aruba Customer Engineering