Wireless Access

 View Only

  • 1.  Different VLAN-IDs per AP Group

    Posted Apr 30, 2026 05:23 AM

    Hello,

    I have a scenario where I have APs seperated per campus by AP Groups. There are 5 total AP Groups that are separated geographically (so I don't anticipate roaming issues). I have 1 ssid that is used on all campuses and clearpass passing back the aruba-user-role attribute. My confusion is how to setup the logic to have the controller assign different vlan-ids based on which AP group the client is located. This will be setup as bridged mode so I need a way to assign the roles different subnets based on location.

    I know I could probably have the logic in Clearpass to send back a vlan-id with a role but I am wondering if there is a better way to do that on the controllers and keeping Clearpass for identity only instead of identity and location.

    Any help would be greatly appreciated on this.

    Thanks,



    -------------------------------------------


  • 2.  RE: Different VLAN-IDs per AP Group

    Posted May 04, 2026 08:00 AM

    Is that AOS8 with Mobility Conductor?

    Regardless the details, probably the use of Named VLANs is one answer that can work. Always return the VLAN name, then on controller level or group level associate a different VLAN id to the same VLAN name.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Different VLAN-IDs per AP Group

    Posted May 05, 2026 05:15 AM

    You can use the User Rules to assign a VLAN. You can find them in the Mobility Conductor under Configuration/Authentication/User Rules. For example, the AP name can be used for VLAN assignment. Here is a link to the online documentation.

    I would handle all of this in ClearPass - both authorization and VLAN assignment. It makes troubleshooting easier.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



Related Content