ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 7
Registered: ‎01-09-2009

Guest SSID and 3 different types of Users

I'm trying to setup my Guest SSID to support three different kinds of users. My guest SSID is setup with a Captive Portal and works properly.

First user would be any support/vendor, they call and get a username/password from IT support.

Second user set would be teachers wanting to use personal devices on the wireless network, they would connect and use their AD username/password to auth, this works, I also have radius setting the class so that I can apply a Staff Role to them.

The third user set is students that would like to use personal devices on the wireless network. Once again, they use AD username/password to auth and radius sets the class to students, which I apply a different role to.

The logging in and setting the Roles works just fine. The problem is making sure that staff and students are being filtered via websense. I have tried using dst-nat but there is a problem. If websense doesn't know who you are they prompt you for a username and password, if I have dst-nat on, I do not get this prompt. I haven't been able to determine why yet.

Has anyone come across anything like this before?

Thanks,
Jason
Guru Elite
Posts: 20,017
Registered: ‎03-29-2007

Source Address


I'm trying to setup my Guest SSID to support three different kinds of users. My guest SSID is setup with a Captive Portal and works properly.

First user would be any support/vendor, they call and get a username/password from IT support.

Second user set would be teachers wanting to use personal devices on the wireless network, they would connect and use their AD username/password to auth, this works, I also have radius setting the class so that I can apply a Staff Role to them.

The third user set is students that would like to use personal devices on the wireless network. Once again, they use AD username/password to auth and radius sets the class to students, which I apply a different role to.

The logging in and setting the Roles works just fine. The problem is making sure that staff and students are being filtered via websense. I have tried using dst-nat but there is a problem. If websense doesn't know who you are they prompt you for a username and password, if I have dst-nat on, I do not get this prompt. I haven't been able to determine why yet.

Has anyone come across anything like this before?

Thanks,
Jason




Does your websense decide who to interrogate based on subnet? What is the source address of the users who are DST-NATTED?
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor II
Posts: 20
Registered: ‎04-29-2008

Re: Guest SSID and 3 different types of Users

In our case, each traffic category gets dumped on a separate vlan by the Aruba controller.

Both our Fortigate firewall and PacketShaper traffic manager act according to the incoming/outgoing vlan.

Works like a charm.
Search Airheads
Showing results for 
Search instead for 
Did you mean: