Configuring VLAN Settings for WLAN SSID Profile in Tunnel and Mixed Mode

To configure VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. settings for a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile, complete the following steps:

In the Classic Central app, set the filter to a group that contains at least one AP.
The dashboard context for the group is displayed.
Under Manage, go to Devices > Access Points.
Click the Config icon.
The second-level tabs to configure APs are displayed.
Click the WLANs tab.
The Wireless SSIDs table is displayed listing the existing SSID profiles.
Perform one of the following actions:
- To create a new SSID profile, click +Add SSID.
  The Create a New Network page is displayed for creating a new SSID.
- To edit an existing SSID profile, click the row, and then click the edit icon.
  The Networks page is displayed for editing an existing SSID.
In the WLAN SSID configuration wizard, click the VLANs tab.
In the VLAN tab, select any of the following options in Traffic Forwarding Mode to create a network in tunnel mode:
- Tunnel—To forward client traffic to an HPE Aruba Networking gateway node in the tunnel mode network, select the Tunnel mode.
- Mixed—To use both bridge and tunnel forwarding modes, select the Mixed option. To enable APs to tunnel client traffic to a gateway node in the tunnel mode network, select a gateway cluster from the Cluster drop-down list.
Select one of the following options from the Primary Gateway Cluster drop-down list:
- For auto-group clusters, select <group name:auto_gwcluster_<group ID>_0>. For example, Group1:auto_gwcluster_243_0.
- For auto-site clusters, select <group name:auto_gwcluster_site_<site ID>_<group ID>_0>. For example, Group1:auto_gwcluster_site_8_243_0.
- For manual clusters, select <groupname:manualclusterprofilename>. For example, Group2:ManualCluster123.
The Primary Gateway Cluster drop-down list allows the APs to establish tunnels with the gateways in the tunnel mode network.
(Optional), select a secondary gateway cluster profile from the Secondary Gateway Cluster drop-down list.
You can use the Secondary Gateway Cluster drop-down list as a failover, when the primary cluster is unavailable.
Select the client VLAN assignment mode for WLAN clients and configure the following parameters:
- Static —Allows you to specify a VLAN ID of single VLAN in the VLAN ID text box. You can select the VLAN name that is mapped to the VLAN ID from the VLAN ID drop-down list.
  For more information, see Creating Named VLANs for Static VLAN Assignment in Bridge Mode.
  You can also include a large number of clients that need to be in the same subnet Subnet is the logical division of an IP network. by specifying the configure VLAN pool. For more information on configuring VLAN pool, see Configuring VLANs on HPE Aruba Networking Gateway.
- Dynamic—Allows you to assign the VLANs dynamically from a DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. server. You can also create a new VLAN assignment rules by clicking the + sign. The New VLAN Assignment Rule pop-up window is displayed to enter details such as attribute, operator, string, and VLAN ID.
  For more information, seeCreating Named VLANs for Dynamic VLAN Assignment in Bridge Mode.
  For Mixed mode, the assignment of a client to a VLAN is done by selecting Bridge or Tunnel as traffic forwarding mode for the VLAN in VLAN Assignment Rules table on the VLANs tab.
Click the Show Named VLANs section to view all the named VLANs mapped to the VLAN ID.
To configure the VLAN Name and VLAN ID mapping feature, click the Add Named VLAN option to enter the VLAN Name and VLAN ID that is required to be mapped.

VLAN 1 is AP's native VLAN and it is the VLAN for underlay network. It cannot be used for overlay SSID.
Click Next to configure security settings.

When you select <group name:auto_gwcluster_site_<site ID>_<group ID>_0> from the Primary Gateway Cluster drop-down list, the tunnel orchestrator service automatically allows the devices on the particular site to establish tunnels among themselves. For example, an AP in site S1 only establishes tunnel with a gateway in site S1. The AP in S1 does not establish a tunnel with the gateway in site S2.

When you add a MultiZone SSID to an AP group that has only foundation licenses, the tunnel orchestrator service does not establish IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels to the gateway clusters for the APs present in that group. As a result, all the existing tunnels are deleted. For example, if you inadvertently select a different cluster from the Primary Gateway Cluster drop-down list within the same AP group that has only foundation licenses, the WebUI displays the following error message—You have selected different cluster from other SSIDs. If APs in the current group have foundation licenses only, then the APs will lose connection with the gateway. Please note MultiZone feature requires advanced licenses.

Failover between a primary and secondary cluster is supported with a foundation AP license. An advanced AP license is only required if separate wired port or WLAN profiles within a configuration group are configured with separate primary cluster assignments in a MultiZone environment.