Can I use the same SSID at different locations, with different VLANs?

  • 1
  • Question
  • Updated 3 years ago
  • Answered
I am planning on deploying Aerohive AP at a second location. I would like to use the same SSID at the new location, to make it easy for employees who travel between the two. The existing VLAN at the new site has a different name and addressing scheme than the existing site.

We are using 802.1x auth using Microsoft NPS (AAA) server, as well.

If I add the new VLAN to the existing profile, will the APs be smart enough to use the locally configured VLAN, or will using the same SSID at different locations give me heartache?
Photo of Daniel Oxenhandler

Daniel Oxenhandler

  • 8 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Sjoerd de Jong

Sjoerd de Jong, Employee

  • 97 Posts
  • 20 Reply Likes
Don't worry, you won't be having a heartache!

You can use VLAN's based on topology maps or AP tags to get this done:

first: Set up buildings and floors in the 'maps' section of HiveManager, and add the AP's to the appropriate buildings by placing them on their corresponding floors.

second: set up you SSID and NPS server in the network policy.

third: in the User Profile you choose to use with this SSID, click on '+'  next to 'Default VLAN'. Fill in the VLAN that is used the most within your organisation in the global field. Then click 'new' to create a new line. Fill in the VLAN number for one of the buildings here, choose 'topology Node' at ' type', and select the topology item that matches the VLAN.



Repeat this for all remaining buildings, save your Network Policy and upload it to the AP's.

From that moment on, when a client successfully authenticates to the SSID, they will be placed the the VLAN that is corresponding with the building the AP is in. 

Hope this makes sense!

Best regards,
Sjoerd
(Edited)
Photo of Daniel Oxenhandler

Daniel Oxenhandler

  • 8 Posts
  • 0 Reply Likes
Thank you, Sjoerd!

This looks like just what I needed.

:-)
Photo of Luke Harris

Luke Harris

  • 265 Posts
  • 18 Reply Likes
The configuration would also have been possible with device tags rather than topology nodes.
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
That's how I divide my campus network into various sectors.
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
This post just saved me from countless hours of creating separate policies. Thank you soo much!
(Edited)
Photo of Daniel Yardley

Daniel Yardley

  • 1 Post
  • 0 Reply Likes
What happen's when they move to another location while connected to the ssid? Do they automatically pick up a new address?
Photo of Roberto Casula

Roberto Casula, Champ

  • 231 Posts
  • 111 Reply Likes
If the locations are not adjacent (i.e. they can't roam between APs in the two locations), then there is no issue as the client will disconnect and reconnect anyway.

If you need to support layer-3 roaming so that the client retains its original IP address and applications continue working seamlessly, then you need to configure the user profile with a tunnel policy to support layer-3 roaming ("Enable dynamic tunnelling for layer-3 roaming"). Then when a user roams, the AP they roam to will create a GRE tunnel back to an AP that has a connection to the original network. For this to work, the APs must be in the same Hive and be able to "see" each other via their wireless interfaces so they establish an AMRP neighbour adjacency. If the unlikely event where clients can roam successfully but the APs cannot see each other, you can create static AMRP adjacencies, but this is rarely needed.

In the tunnel policy, you can also specify an "unroaming" threshold so that when the traffic rate from the client drops below a threshold, the tunnel is torn down and the client is forcibly disconnected so that it reconnects and gets a new IP address. It's up to you whether you want to do this, or keep the GRE tunnels up for as long as the client is roaming. It's a balance between the extra network traffic resulting from the GRE tunnels vs. the disruption to the client's applications when the IP address changes.
Photo of kenneth shum

kenneth shum

  • 3 Posts
  • 0 Reply Likes
I'm using hire 6.6r1, why I don't have this option?
I'm using HiveManger Express, is it not supported in Express?
Photo of kenneth shum

kenneth shum

  • 3 Posts
  • 0 Reply Likes
I found the settings now, after upgraded to Enterprise version.