HOW TO: Aruba IAP Zones

/ April 30, 2017

Recently I came across a customer that has Aruba Instant APs (IAP) that they wanted to selectively broadcast SSIDs throughout the deployment. On an Aruba controller environment, this was something that most everyone knows how to do. You could build out multiple AP groups with only the needed SSIDs selected in the VAP profile, or use the AP specific commands to add the SSID. However, in an IAP environment this wasn’t something that I had ever had the need to do. After some research and testing in my lab, I found out that the steps to accomplish this were relatively easy.

Below is an example of how to do this using the Aruba IAP platform.

Example Use Case:

Hotel customer has a “Public” network they want to broadcast in the hotel lobby, but wants to broadcast a “Private” pay-as-you-go network in other areas like hotel rooms.

Resolution:

Within the IAP architecture, Aruba has implemented a “Zone” feature that is configurable in both an Airwave managed IAP cluster and non-Airwave managed cluster. The purpose of this feature is to allow selective broadcast of SSID within an IAP deployment. It functions by only allowing a configured SSID to broadcast on IAPs that have matching zone configuration.

An example of non-Airwave managed configuration can be seen in the IAP Virtual Controller WLAN settings (Figure 1) and the individual IAP settings (Figure 2).

iap_vc_1

Figure 1: IAP Virtual Cluster SSID Configuration

iap_vc_2

Figure 2: IAP Access Point Zone Configuration

Airwave managed cluster configuration examples using the IAP GUI Config are shown here:

iap_vc_3

Figure 3: Airwave SSID Zone Configuration

iap_vc-4

Figure 4: Airwave IAP Zone Config

Once configured, you will see in Figure 5 that a scan of the spectrum shows the correct deployment. In this example one IAP was configured in zone “225” with the Public SSID being configured in the same zone. Thus, only the IAP (Channel 1/52) is broadcasting the Public SSID. The Private SSID was not configured with a zone and thus is broadcast on ALL IAPs in the cluster (IAPs Channel 1/52 & 11/116).

iap_vc_5

Figure 5: Wifi Explorer Discovery

Caveats:

The following constraints apply to the zone configuration:

  • An IAP can belong to only one zone and only one zone can be configured on an SSID.
  • If an SSID belongs to a zone, all IAPs in this zone can broadcast this SSID. If no IAP belongs to the zone configured on the SSID, the SSID is not broadcast.
  • If an SSID does not belong to any zone, all IAPs can broadcast this SSID.

Device versions:

IAP 225/325: 6.4.4.8-4.2.4.4

Airwave: 8.2.3

Good luck building your configs and if you have any questions let me know!

-Scott

Related posts

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s