Is there any issue in enabling MAC auth? Otherwise you can also try the named VLAN approach.
Perhaps it'll be best to talk to your local Aruba SE to see what can be done.
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Aug 08, 2023 03:47 PM
From: MH33
Subject: Dynamic VLAN assignment based on site
What is the recommended migration path for an on-prem managed v8 controller that uses Virtual APs to assign users to different VLANs based on the physical building?
On the existing controller, this Virtual AP group design allowed a consistent SSID configuration, but different VLANs per location.
In AOS10, it sounds like this can't be accomplished with dynamic VLAN assignment if a mobility controller is used. If we create different groups per site, then SSID configurations are unique to each site. Any SSID changes will require multiple touchpoints and I'm sure will lead to config drift over time.
Original Message:
Sent: Aug 08, 2023 06:49 AM
From: ariyap
Subject: Dynamic VLAN assignment based on site
Yes, in tunnel mode you need to enable MAC auth; that's needed since you are using dynamic VLANs and role assignment rules.

Original Message:
Sent: Aug 07, 2023 03:17 PM
From: MH33
Subject: Dynamic VLAN assignment based on site
In previous deployments, we have done it successfully in bridge mode. In this case, we need it to be a tunneled SSID.
Original Message:
Sent: Aug 05, 2023 10:01 PM
From: ariyap
Subject: Dynamic VLAN assignment based on site
Are you using a PSK auth based SSID with bridge mode for AOS10 APs?
If so, I could set the PSK auth without MAC auth and use dynamic VLAN assignment based on AP names.
I am using AOS10.4.0.2.


Original Message:
Sent: Aug 05, 2023 11:22 AM
From: MH33
Subject: Dynamic VLAN assignment based on site
I have an environment moving from v8 on-prem managed to AOS10 / Central. The environment has 7220 controllers so we would like to continue using them to use tunnel SSIDs.
The deployment has numerous buildings, and there is an existing PSK SSID that maps sites to unique VLANs. Bldg A devices go on VLAN 10, Bldg B devices go on VLAN 11, etc.
On previous Central configurations (without mobility controllers / tunneled), it was easy to accomplish this using dynamic VLAN assignment on the SSID and basing it on the access-point name.
On this configuration, if I try to base VLAN assignment on AP name, it says I must enable MAC authentication. If MAC authentication is not used, the only dynamic VLAN attribute available is client MAC address.
This is a very basic PSK SSID, and I do not want to introduce MAC auth into the mix. The SSID is being phased out, but will be needed for a while longer.
Is there a way around this or a better way to assign unique VLANs per site?