TL;DR – in oversimplified terms a Virtual AP (VAP) is what other vendor kit calls an SSID (or WLAN in Cisco speak). Read on if you need more than that.
The Aruba concept of “virtual APs” (VAP) can be hard to get your head around at first. I know I struggled coming from the Cisco way of doing things. The aim of this post is to provide a very simple explanation of what they are for people feeling lost and a little overwhelmed by the subject.
To understand where Aruba is coming from with the language “virtual AP” I think it is useful to step back and recap a couple of 802.11 fundamentals. This is the sort of knowledge you gain from CWNP’s Certified Wireless Network Administrator (CWNA) course, which is a must have for any WLAN professional.
What is an Access Point?
In our industry an Access Point (AP) is a piece of hardware that transmits one or more wireless networks for our clients to connect to. Although modern access points can contain multiple different radios, for the purpose of this explanation we need to simplify it down to being a single transmitter for our wireless network(s). In other words, an AP is a single physical wireless network transmitter.
In the previous paragraph I deliberately alluded to the fact that this single physical transmitter can support multiple wireless networks.
What are SSID/ESSID/BSSIDs?
I think most people, even IT professionals outside of networking, know that an SSID is the wireless network name. Your SSID at work might be your company name (e.g. AcmeFood), the category of people who should be connecting to it (e.g. employee or guest), and some infamous hospitality SSIDs are ‘hhonors’, ‘Marriott_Guest’, and ‘Boingo’.
When you have an SSID that you transmit/support out of more than one Access Point then this is know as an Extended SSID (ESSID).
But what about when you have multiple SSIDs coming out of a single Access Point? Well, this terminology can be a bit confusing in my opinion.
When an AP transmits your SSID (aka wireless name) it has to map the SSID to a MAC address so that APs and clients know what is the Source and Destination of the Layer 2 frames for that SSID. This SSID-to-MAC mapping is known as a Basic SSID (BSSID).
Enterprise APs are capable of supporting multiple BSSIDs. Your work APs probably have multiple SSIDs coming out of them, and each one is a different BSSID. Why the need for a separate term? Well, even though the SSID will be the same across all APs in your company, the BSSID MAC will be unique to each AP. After all, we can’t have duplicate Layer 2 MAC addresses in our network or frames and packets wouldn’t route correctly.
Let me give an example of this. You have 3 APs in your office and they all transmit the SSIDs ‘Employee’ and ‘Guest’. The table below is a very simplified version showing that every BSSID is unique across all APs.
SSID | AP1 | AP2 | AP3 |
Employee | BSSID = a1:b1:c1:d1:e1:fa | BSSID = a2:b2:c2:d2:e2:fa | BSSID = a3:b3:c3:d3:e3:fa |
Guest | BSSID = a1:b1:c1:d1:e1:fb | BSSID = a2:b2:c2:d2:e2:fb | BSSID = a3:b3:c3:d3:e3:fb |
What is a WLAN?
When you build an SSID you have to define several parameters. Typical parameters are SSID name, security level, passphrase or RADIUS server, and VLAN access. But there can be hundreds of settings for an SSID, such as 802.11k/r/v support, data rates, QoS, band steering, etc.
Often these parameters will differ between SSID. Your guest SSID might have open security and access to an internet-only VLAN, while your employee SSID uses Dot1X RADIUS authentication and a VLAN with corporate server access.
Each SSID can be thought of as a separate mini wireless network (or WLAN), because they can serve very different purposes/audiences. In fact, if you’re familiar with Cisco wireless, you don’t configure SSIDs on Cisco, you configure “WLANs”.
Why are you boring me with these basics?
As you can see from the last three sections, a single physical access points can transmit multiple SSIDs which can be considered unique WLANs. When you configure an AP to transmit two SSIDs it is like you are mounting two APs on the ceiling next to each other.
And this is where Aruba uses the concept of “Virtual APs”. You install a single physical piece of AP hardware that acts like multiple Virtual APs. But really, we’re just talking about a bunch of settings that define how an SSID or WLAN operates. It is simply a more descriptive way of saying SSID/WLAN.
If this still doesn’t quite make sense to you, or you want to dig into it more, then I highly recommend the ‘Understanding ArubaOS version 8.x’ book by David Westcott. This book greatly helped me understand this concept better, especially the awesome visual below which shows the key components that can go into building an SSID/WLAN/VAP. If you go to David’s website you can download this image along with many other useful reference images from the book.
Andrew awesome job as always. You have a true gift of explaining things that’s makes sense to everyone…even an old colleague.
Hi Andrew—
Where exactly would I specify which SSIDs an AP group should be broadcasting?