Wireless Access

Reply
Highlighted
Contributor II

Separate AP VLAN vs IDS

Hi!

I have a question about deploying AP's in separate VLAN.

VRD_Aruba Mobility Controllers_8.pdf states:

 

"The other downside to this approach is that AMs become less effective, because they can no longer see user traffic that may be exiting a rogue AP on the wired side of the network."

 

This customer wants to have AP's in separate VLAN but also requires IDS.

 

Let's say Office VLAN is 11 and AP VLAN is 12, would it help to put all AP on trunk ports with native VLAN 12 and hearing all other VLANs to retain IDS capability?

 

Thanks,

        -V.D.


Accepted Solutions
Highlighted
Guru Elite

Re: Separate AP VLAN vs IDS


@v.dvorak wrote:

Hi!

I have a question about deploying AP's in separate VLAN.

VRD_Aruba Mobility Controllers_8.pdf states:

 

"The other downside to this approach is that AMs become less effective, because they can no longer see user traffic that may be exiting a rogue AP on the wired side of the network."

 

This customer wants to have AP's in separate VLAN but also requires IDS.

 

Let's say Office VLAN is 11 and AP VLAN is 12, would it help to put all AP on trunk ports with native VLAN 12 and hearing all other VLANs to retain IDS capability?

 

Thanks,

        -V.D.


yes

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post


All Replies
Highlighted
Guru Elite

Re: Separate AP VLAN vs IDS


@v.dvorak wrote:

Hi!

I have a question about deploying AP's in separate VLAN.

VRD_Aruba Mobility Controllers_8.pdf states:

 

"The other downside to this approach is that AMs become less effective, because they can no longer see user traffic that may be exiting a rogue AP on the wired side of the network."

 

This customer wants to have AP's in separate VLAN but also requires IDS.

 

Let's say Office VLAN is 11 and AP VLAN is 12, would it help to put all AP on trunk ports with native VLAN 12 and hearing all other VLANs to retain IDS capability?

 

Thanks,

        -V.D.


yes

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide

View solution in original post

Highlighted
Contributor II

Re: Separate AP VLAN vs IDS

OK, thanks!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: