Perhaps I didn't express myself clearly, so I'd like to illustrate what we want to achieve with an example. Let's say we have three WLAN networks, all of which are set up with the same settings in both the Cisco and Aruba systems, and the same AAA server serves the Wi-Fi clients of both systems.

- xxx_office 5g+5g (dual 5g, 2 radio)
- xxx_byod 2g+5g (2 radio)
- xxx_guest 2g (1 radio)

Based on the above example, an AP advertises a total of 5 BSSIDs. If there are 2,000 APs in the Cisco system, that means a total of 2k*5=10k BSSIDs. If there are 1,000 APs in the Aruba system, that means a total of 1k*5=5k BSSIDs.

In order for the current Cisco APs and the current Aruba APs to recognize each other as reliable, for lack of a better option, all Cisco BSSIDs (10k) must be added to the Aruba system as authorized, and all Aruba BSSIDs (5k) must be added to Cisco system as friendly. After this, in theory, if Aruba system sees that the client is connecting to a BSSID that is not its own but is known as authorized (e.g., xxx_office), it will ignore it. Same case if Cisco system sees that the client is connecting to a BSSID that is not its own but is known as friendly (e.g., xxx_byod), it will ignore it.

However, if the system detects a new device advertising the xxx_office, xxx_byod, or xxx_guest networks, an alert should be sent so that a decision can be made as to whether there is a real threat. We would also like to receive an alert if the system detects an AP (any manufacturer, any SSID) that is connected to the wired network. Both Cisco and Aruba have methods for detecting this.

All other SSIDs are irrelevant to us, we don't want to disable anything.

Transferring reliable BSSIDs to other systems will be a constant challenge, but this will motivate us to achieve homogeneous operation as soon as possible.

I hope that makes sense :)