
MultiZone

The MultiZone feature allows organizations to have multiple and separate secure networks while using the same access point. It also allows an AP to terminate to multiple managed devices that reside in different zones. A zone is a collection of managed devices under a single administration domain. The zone can have a single managed device or a cluster setup.

Traditionally, one AP was managed by a single zone where the configuration was generated on a master controller and synchronized across all other local controllers. Starting from ArubaOS 8.0.0.0, MultiZone AP is supported and an AP can be managed by multiple zones. Different zones can have different configurations. The managed devices in different zones do not communicate with one another.

Initially, when the AP is booted up, the first zone it contacts is called the Primary Zone. When the AP boots up on a managed device, the primary zone managed device configures the AP, including the BSS (Basic Service Set), radio channel, radio power, and other features. The primary zone can configure MultiZone profiles to enable the MultiZone feature.

Data zone is the secondary zone that an AP connects to after receiving the MultiZone configuration from the primary zone. If there are MultiZone profiles configured and associated in the AP group or AP name profile of the primary zone, then the AP enters MultiZone state and starts connecting with the specified data zones. Only one MultiZone profile per ap-group or ap-name can be attached. The data zone managed device must be configured with the same AP group or AP name profile as the primary zone. When the AP connects to the data zone managed devices, there is a flag in the HELLO message indicating that the AP is connecting to the zone as a data zone. The data zone managed device then can configure additional BSSs.

The AP virtually connects to each data zone independently. Each data zone’s network change or failure does not affect the management of an AP from other data zones. The data zone can configure the AP separately and the AP will apply each configuration. However, if the primary zone goes down, then all the data zones will be affected including the traffic on the data zone.

For example, the first zone has SSID-1, SSID-2 configured and has stand-alone setup, while the second zone has SSID-3, SSID-4 configured and has cluster setup. Then, the MultiZone AP receives both configurations and provides service for all the four SSIDs with no communication between the managed devices.

The MultiZone feature allows the client traffic of different ESSs (Extended Service Sets) to go to different managed devices in various zones without cross-contamination. The client traffic of a specific ESS is encrypted and tunneled directly from the AP to the managed devices using the tunnel mode. All devices in the path, including the primary managed device managing the AP, are automatically secured. Client wireless frames are encrypted or decrypted for the corresponding SSID data zone managed device in the secure zone.

All the zones can have a maximum of 12 managed devices and 16 VAPs per radio, and a maximum of 5 zones is supported, including the primary zone.
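The limits above and the AP group matching rule for data zones can be checked against a planned deployment before any zone is configured. The following is an added example, not part of ArubaOS or its documentation; the `Zone` class, `validate_plan` function, zone names and plans are hypothetical, and the device and VAP limits are assumed to be totals across all zones.

```python
from dataclasses import dataclass

# Limits from this page; assumption: device and VAP limits are totals over all zones.
MAX_ZONES = 5             # including the primary zone
MAX_MANAGED_DEVICES = 12
MAX_VAPS_PER_RADIO = 16

@dataclass
class Zone:
    name: str
    ap_group: str         # AP group (or AP name) profile used for the AP
    managed_devices: int  # 1 = stand-alone, more than 1 = cluster
    vaps_per_radio: int   # virtual APs this zone configures on each radio
    primary: bool = False

def validate_plan(zones):
    """Return the rule violations in a planned deployment ([] if none)."""
    primaries = [z for z in zones if z.primary]
    if len(primaries) != 1:
        return [f"need exactly one primary zone, found {len(primaries)}"]
    primary, errors = primaries[0], []
    if len(zones) > MAX_ZONES:
        errors.append(f"{len(zones)} zones exceeds the limit of {MAX_ZONES}")
    devices = sum(z.managed_devices for z in zones)
    if devices > MAX_MANAGED_DEVICES:
        errors.append(f"{devices} managed devices exceeds {MAX_MANAGED_DEVICES}")
    vaps = sum(z.vaps_per_radio for z in zones)
    if vaps > MAX_VAPS_PER_RADIO:
        errors.append(f"{vaps} VAPs per radio exceeds {MAX_VAPS_PER_RADIO}")
    for z in zones:
        if z.managed_devices < 1:
            errors.append(f"{z.name}: a zone needs at least one managed device")
        # A data zone must carry the same AP group/AP name profile as the primary.
        if not z.primary and z.ap_group != primary.ap_group:
            errors.append(f"{z.name}: AP group '{z.ap_group}' does not match "
                          f"primary zone group '{primary.ap_group}'")
    return errors

# Constructed plans; GOOD_PLAN mirrors the page's two-zone example (cluster size made up).
GOOD_PLAN = [Zone("zone-1", "campus", 1, 2, primary=True),
             Zone("zone-2", "campus", 3, 2)]
BAD_PLAN = [Zone("zone-1", "campus", 2, 8, primary=True),
            Zone("guest", "guest-aps", 6, 6),
            Zone("iot", "campus", 5, 4)]

if __name__ == "__main__":
    for plan in (GOOD_PLAN, BAD_PLAN):
        print(validate_plan(plan) or "plan fits the MultiZone limits")
```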

Starting from ArubaOS 8.3.0.0, MultiZone supports Decrypt Tunnel forwarding mode on the data zone Virtual APs.

The following sections describe the functional flow, licenses, and features of MultiZone:
