Wireless Access

Hi all,

I have 10 sites with Aruba APs and controllers at each site.

Currently this is only doing corporate traffic; I want to add a BYOD guest SSID but concerned about separation.

Can I use multi zone to create a SSID that will travel to a physically separate controller I purchase to each site? So effectively I purchase 10 more small controllers; use multi zone to route this guest SSID to the new controller. This controller is then connected to a local internet feed I have on each site.

Manage these new controllers in a new separate MM or do it in the existing one?

Thanks

Let's take a look at how MultiZone works and then work backward to your design. When an AP boots, it is part of an AP group, and it connects to an MC to download it's configuration. This is all config, radio info, Ethernet info, WLANs, the works. In a MultiZone environment, this is the Primary Zone. If MultiZone is enabled, the MC will also tell the AP that it needs to talk to another MC because that other MC has permission to assign one or more WLANs to the AP (this is the Data Zone MC). The only thing the Data Zone MC can do is assign one or more WLANs to the AP (the number allowed is specified in the MultiZone profile that is defined on the Primary Zone) and is assigned to the AP group.

 

So let's dig a little deeper. The Primary Zone can be an MM managed, MCM managed, or Standalone OS 8 environment. The Data Zone can be an MM managed, MCM managed, or Standalone OS 8 environment, however it has to be a separate managed environment than the Primary Zone.

 

A MultiZone profile is created on the Primary Zone management platform, and assigned to an AP group. This profile includes the address of the Data Zone. After the AP get's it's configuration from the Primary Zone, using the Data Zone configuration profile, the AP will communicate with the Data Zone, presenting it's AP name and AP group to the Data Zone controller. The exact same AP group must exist on the Data Zone. The AP will talk to the Data Zone controller, which will have one or more WLANs assigned to the AP group, and the  Data Zone WLAN configuration will be downloaded to the AP.

 

So assuming your internal corporate network is MM managed, you can create separate MultiZone profiles for each of your 10 locations. Each profile will be for a different location, directing the APs in that location (using the AP group name) to the local MC as the Primary Zone and a new Data Zone MC. Each profile will be assigned to the AP group at a location, and that AP group would have to also exist on the Data Zone MC at that location. The Data Zone MC will have the guest WLAN assigned to the AP group at that location.

 

The Data Zones could be 10 separately managed ArubaOS 8 Standalone MCs, however, I think (not 100% sure of this, but it makes sense to me) that the 10 Data Zone controllers could be part of their own MM managed environment, and of course the Primary Zone controllers would be part of their own MM managed environment. Realize that the Primary and Data Zones must run the same OS versions. This will need some testing to verify and validate (by you, not me).  :-)

 

I hope this helps,