Aruba & ProVision-based
1748089 Members
4818 Online
108758 Solutions
New Discussion

Re: Trunking Access Point Ports

 
CommanD
Member

Trunking Access Point Ports

Salute,

Glad to be a part of the community. Am fairly new to HP Pro Curves and the network am sitting on so here goes,

Router/Switch - J8697A Routing enabled

Switches - J9772A

Mobility Controller - Aruba 3600

Domain Controller - WIN 2012 Server

 

The mobility controller has SSIDs configured to work with specific VLANs i.e Wireless is VLAN161 is configured to use network 10.52.161.0 and has to pick its IP from the DC scopes which is working perfectly. The port from the core switch to the DC is an access port but the DC can still give IPs from different VLANs like the wireless ones in 161 as earlier mentioned

The Access Points are untagged for access at the switch ports[VLAN161]

I have been asked to configure SSIDs that are specific to VLANs through the Access Points and the IPs have to come from the DC scopes. Here are my very few humble questions.

*Can this be done?

*Will the access points be able to pick IPs from the DC and provide access if the ports they are configured on are trunked? i.e vlan 122 tagged, vlan 161 tagged

*What config do i need to be able to communicate from one switch on the network to a VLAN IP at the Router

 

 

Thank you so much in advance.

3 REPLIES 3
BjKo
Frequent Advisor

Re: Trunking Access Point Ports

*Can this be done?
Of cause. VLAN 161 will be your management VLAN and in the SSID config you can set the egress VLAN ID. This is your tagged VLAN in which the clients traffic will be placed.

*Will the access points be able to pick IPs from the DC and provide access if the ports they are configured on are trunked? i.e vlan 122 tagged, vlan 161 tagged
The APs themself don't need IP adresses in the specific VLANs. You have to configure a DHCP Relay (or DHCP Helper) on your router. The router will forward DHCP discover packets to the DHCP server and the client will get an IP from the subnet.

*What config do i need to be able to communicate from one switch on the network to a VLAN IP at the Router
You need a Gateway in each subnet, so that clients can communicate outside of the subnet. 
You need to tag the VLAN over every link between network devices (Switches, Router, AP, ...) to prevent configuration errors. 

CommanD
Member

Re: Trunking Access Point Ports

Thank you so much for your response i will look at this and let you know my finds.

Thanks again.

CommanD
Member

Re: Trunking Access Point Ports

Hello,

I did everything as you suggested and i am still getting IPs from a different VLAN from the Access SSID.

e.g

The STAFF VLAN is 161

SSID: STAFF

IP scope: 10.52.161.0/21

 

The Student VLAN is 122

SSID: Access

IP scope: 10.52.122.0/23

The DC is 10.52.101.10

 

Router config for the VLANs is shown below

Running configuration:

vlan 122
   name "CIK-STD-FDN-WLN"
   tagged Trk1-Trk2,Trk4,Trk20,Trk35-Trk36,Trk38,Trk101-Trk103
   ip helper-address 10.52.101.10
   ip address 10.52.122.1 255.255.254.0
   ip ospf 10.52.122.1 area backbone
   exit

CORE-GND-001# show running-config vlan 161

Running configuration:

vlan 161
   name "WIRELESS"
   tagged Trk1-Trk2,Trk4,Trk20,Trk35-Trk36,Trk38,Trk101-Trk103
   untagged B24
   ip helper-address 10.52.101.10
   ip address 10.52.161.1 255.255.252.0
   exit

From the controller 10.52.161.2 i can ping the DC and viseversa. The controller itself can get to 10.52.122.1 so, why am i only getting IPs from 161 no matter the SSID i setup. It keeps defaulting to the 161 network and all the IPs listed as being given to the APs are 161 IPs. The controller can only pick up the APs and show them in the controller 'IF' they get a 161 IP.

WHY CANT I GET AN IP FROM 122?? excuse the caps but am getting bald from the frustration

i have attached a couple of screen shots for reference

Thank you