Wireless Access

Hi everyone and thanks in advance for your help

I come for a long Cisco Wireless backround, and this is kind of embarrasing, but I am unable to find how to assign the clients of a tunneled WLAN with PSK to different VLANs depending of their location. 

I am using a 7205 with ArubaOS 8.6

Knowing that an AP Group is a group of APs sharing the same configurations, I´ve configured let´s say 30 AP Groups depending on the location they are covering. Per example:

AP Group LocationA: SSID1, SSID2, SSID3

AP Group LocationB: SSID1, SSID3, SSID4, SSID5

AP Group LocationC: SSID1, SSID2

AP Group LocationD: SSID1, SSID5

etc...

My goal is to assign the clients of SSID1 to VLAN AA if they are in LocationA, VLAN AB if they are in LocationB, VLAN AB if they are in LocationC etc. The equivalent for the other SSIDs and locations.

The SSID and authentication method must be the same on all locations, so if a worker has to move to another location, will be able to have WiFi. I´m sure it must be an easy task to do, but I´m struggling to find how to do it. When I´ve read on the forums, I think I´ve found something about creating different Virtual APs, but when I´ve tried that, let´s say SSID1_clone, "SSID1_clone" is the broadcasted WLAN I get. I probably did´nt undertand how to configure it properly...

All help is welcomed and appreciated.

Regards

When you need the same SSID with a different VLAN per location you can create different virtual ap profiles.

A virtual AP profile is what you assigned to ap group.

A virtual AP profile contains:

- vlan information

- ssid profile

- aaa profile

So you can create different virtual ap profiles with different vlans, but with the same ssid and aaa profiles. The virtual AP profiles you connect to the right location ap group.

Hope this help you.

Hi MKK

Your help is much appreciated. I´ll take a look at it tomorrow as now I´m not with the MC.

One more question: Before configuring the WLANS I configured the VLANs named, as per below (following my initial example):

Vlans_SSID1: AA, AB, AC, AD, etc...

Vlans_SSID2: BA, BB, BC, BD, etc...

And then, when configuring the WLANs, for the SSID1, I assigned the named vlan "Vlans_SSID1". Will this help on the configuration of the Virtual AP Profiles?

Thanks and regards

Hi Waterhead,

"Named vlans" are infact "vlan pools", the given name is a little strange.

What a vlan pool (or named vlan) means is that you can bound more than one vlan to an ssid.

For example if you connect a named vlan "test" to an ssid and that pool is configured with 3 vlans, the clients where random place in a vlan. This was to solve an issue when you have to extend client in small broadcast domains (vlans)...

In the end... I don't like to use "named vlans / pools", it can bring some challenges ;). Its no problem to use a named vlan with one vlan in it, so you can easy recognize its function.

The use of named vlans or vlan id in your virtual ap profile, does not have any benefits for our situation.

Please note that configuring from "MD group > configuration > wlan" is just a wizard that auto creates the underlaying virtual ap / aaa / ssid profiles.

Better you configure the profiles manually by enabling "show advanced profiles" in the right uper corner under you login name > preference. This make the advanced profiles visable in the wizard GUI.

Even better, use the CLI to speed things up.

Just understand that "configurtion > wlan" is a wizard. It shows the virtual AP profiles but every change wil change the underlaying ssid and aaa profile that can be used in more than one virtual ap profile.

To make it more easy for you....

First create one SSID with the "md group > configuration > wlan wizard. This will create your first virtual ap profile and create the aaa and ssid profile which will be re-used.

The next step is from the CLI:

Login on the Mobility Master
# cd /md/manageddevicegroup
# configure terminal

# wlan virtual-ap corp-vap-profile (give the virtual-ap profile a unqiue name with location ID, AP group for example)

# vlan emp-vlan (named vlan pool or ID)
# ssid-profile corp-ssid-prof (re-use)
# aaa-profile corp-aaa-prof (re-use)
# exit
# write mem