Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 6
Registered: ‎11-10-2015

How can we use different Active Directory groups to give access to different networks?

Hi there.

We have several small sites with Aruba 105/205 networks.  Each site may have several networks defined for different purposes (staff, guests etc). 

Each AP is setup on the Radius server.

 

The question is: how can we setup this infrastructure up so that each access to each SSID is controlled by AD group membership?  So some AD users may have access to SSID1 while not having access to SSID2?

 

Regards,

Ciaran Foster.

 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: How can we use different Active Directory groups to give access to different networks?

Clearpass can easily do this task. Basically, we can take the user context along with the SSID and location context into account to make intelligent policy decisions.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor I
Posts: 6
Registered: ‎11-10-2015

Re: How can we use different Active Directory groups to give access to different networks?

Hi there.

Thanks for the prompt reply.

Can you clarify whart Clearpass is?

Is that a separate product we would need to purchase?

 

My understandng is all we have are a selection of Aruba APs and we use Instant to configure these (create SSIDs etc).  I do not believe we have any other Aruba products here so are you saying I cannot implement this without extra software?

 

Thanks and regards,

Ciaran Foster.

 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: How can we use different Active Directory groups to give access to different networks?

Clearpass is a AAA policy management solution leveraging RADIUS at its core. Yes - it's a separate product and in order to accomplish this, something like Clearpass would be recommended. 

 

Your only other option is to use local user accounts in the IAP cluster vs. AD usernames and passwords.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Search Airheads
Showing results for 
Search instead for 
Did you mean: