MultiZone

The MultiZone feature enables you to segregate the tunnel traffic of virtual APs to different gateways. MultiZone allows organizations to have multiple and separate secure networks while using the same AP. It also allows the AP to terminate SSIDs (Service Set Identifiers; an SSID is the name given to a WLAN and used by the client to access that WLAN) to multiple gateways that reside in different zones or clusters. A zone is a collection of gateways under a single administration domain. The zone can have a single gateway or a cluster setup. Each zone operates independently, with its own set of configuration settings and policies. A MultiZone configuration exists when a Classic Central configuration group includes wired port and/or WLAN (Wireless Local Area Network, an 802.11 standards-based LAN that users access through a wireless connection) profiles, each having a separate primary cluster assignment.

The first zone that the AP contacts when it boots up is known as the primary zone. The MultiZone configuration is forwarded to the AP based on the primary cluster configuration of the different SSIDs. In the same group, each SSID can choose a different primary cluster to form a different zone. The AP virtually connects to each zone independently, so the tunnel traffic is segregated based on the SSIDs. A data zone is a secondary zone that an AP connects to after receiving the MultiZone configuration from the primary zone. If there are MultiZone profiles configured in the AP group or AP name profile of the primary zone, the AP enters the MultiZone state and connects to the specified data zones.

The maximum number of allowed clusters is 5 and the total number of allowed gateways is 12.

The gateways in different zones are independent and do not communicate with one another.

A Classic Central configuration group that includes wired port and/or WLAN profiles with the same primary or secondary cluster selections is not considered a MultiZone setup.

The following figure illustrates the configuration of the MultiZone feature between two zones.

Figure 1  MultiZone Configuration

In the above diagram, Client 1 and Client 2 connect to VAP-1 and VAP-2 respectively. The MultiZone configuration segregates the tunnel traffic of VAP-1 and VAP-2 and forwards the traffic to different gateways under Zone 1 and Zone 2.

Guidelines for MultiZone

Following are the guidelines for configuring MultiZone:

  • Different virtual APs can map to different zones. For example, VAP-1 can connect to one cluster and VAP-2 can connect to another cluster.
  • The AP creates the tunnels with different clusters and not with a single cluster.
  • Different clients can connect to different virtual APs. For example, if one client connects to VAP-1, the AP sends client traffic to Zone 1. Similarly, if another client connects to VAP-2, the AP sends client traffic to Zone 2.
  • The MultiZone feature requires an advanced license, and is disabled in the absence of the advanced license. Only an AP with an advanced license can establish active SSID tunnels with data zone gateways. An AP with a foundation license cannot establish active SSID tunnels with data zone gateways.
  • If MultiZone configuration is applied to an AP with a foundation license, all the tunnels on the AP go down. If the configuration group includes APs with a foundation license, a warning message is displayed in the WLAN or wired port configuration wizard prior to saving the MultiZone configuration. Additionally, an entry is added to the Audit Trail to indicate that the tunnels went down on each impacted AP.

For more information on configuring MultiZone, see Configuring VLAN Settings for WLAN SSID Profile in Tunnel and Mixed Mode.
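
The rules above can be checked before a configuration group is saved. The following is an added example, not Classic Central code or its API: the `Profile` and `AP` classes, the `check_group` function, and all sample names are hypothetical, and the sample data is constructed. It assumes the cluster and gateway limits apply to the clusters referenced by one configuration group.

```python
from dataclasses import dataclass

MAX_CLUSTERS = 5    # limit stated on this page
MAX_GATEWAYS = 12   # limit stated on this page

@dataclass
class Profile:          # WLAN SSID or wired port profile (hypothetical model)
    name: str
    primary_cluster: str

@dataclass
class AP:
    name: str
    license: str        # "advanced" or "foundation"

def check_group(profiles, aps, gateways_per_cluster):
    """Return (is_multizone, zone_map, findings) for one configuration group."""
    zone_map = {}
    for p in profiles:
        zone_map.setdefault(p.primary_cluster, []).append(p.name)
    findings = []
    # Profiles that all share one primary cluster do not form a MultiZone setup.
    if len(zone_map) < 2:
        return False, zone_map, findings
    if len(zone_map) > MAX_CLUSTERS:
        findings.append(f"{len(zone_map)} clusters exceed the limit of {MAX_CLUSTERS}")
    total = sum(gateways_per_cluster.get(c, 0) for c in zone_map)
    if total > MAX_GATEWAYS:
        findings.append(f"{total} gateways exceed the limit of {MAX_GATEWAYS}")
    # Only APs with an advanced license keep their tunnels under MultiZone.
    for ap in aps:
        if ap.license != "advanced":
            findings.append(f"{ap.name}: {ap.license} license, all tunnels go down")
    return True, zone_map, findings

# Constructed sample group: two SSIDs and one wired port profile, two clusters.
SAMPLE_PROFILES = [Profile("corp-ssid", "cluster-a"),
                   Profile("guest-ssid", "cluster-b"),
                   Profile("wired-port-1", "cluster-a")]
SAMPLE_APS = [AP("ap-lobby", "advanced"), AP("ap-warehouse", "foundation")]
SAMPLE_GATEWAYS = {"cluster-a": 4, "cluster-b": 2}

if __name__ == "__main__":
    multizone, zones, findings = check_group(SAMPLE_PROFILES, SAMPLE_APS, SAMPLE_GATEWAYS)
    print("MultiZone:", multizone)
    for cluster, names in zones.items():
        print(f"  {cluster}: {', '.join(names)}")
    for finding in findings:
        print("  WARNING:", finding)
```

The zone map makes the segregation reviewable: each cluster lists exactly the profiles whose traffic it will receive, so a guest SSID that lands in a corporate cluster is visible before deployment.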