AAA, NAC, Guest Access & BYOD

Using VLAN pooling with Endpoint_Compliance_System (ECS)

by on ‎07-01-2014 02:50 PM

The Endpoint Compliance System (ECS) could return either the VLAN ID or the role name to the controller via attribute in the Radius accept message. 

VLAN pooling allows the controller to populate users into set of VLAN defined in the virtual AP profile. 

If VLAN pooling is configured on the virtual AP profile, ECS must return the role name to the controller in the Radius accept message and in the role must not have any VLAN ID configuration. 

Example: 
user-role staff 
session-acl allowall 

wlan virtual-ap "vlanpooling" 
   vlan 100-102 

Note that the the Policy Enforcement Firewall (PEF) license is needed if you want to create custom user role. 

Note that the Default role is the role return to the controller after the users are registered and verified by the ECS.

 

vlanID.JPG

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.