ArubaOS and Controllers

Occasional Contributor I
Posts: 6
Registered: ‎09-17-2007

IAS Authentication and Aruba Roles

Does anyone have some good documentation on how to work with Microsoft's IAS for authentication and using the information you get from there to assign Roles on the Aruba controller?
I will start out by saying I am VERY new to IAS, and fairly new to Aruba controllers.
What I want to do is be able to elevate the role of users based on the IAS policy they are accepted access by. Therefore I can have Active Directory group for users that I want to allow more access to and/or remove bandwidth contract on the same Aruba network.
Any assistance is appreciated.
Occasional Contributor I
Posts: 5
Registered: ‎09-01-2009

Re: IAS Authentication and Aruba Roles

Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

Re: IAS Authentication and Aruba Roles


I may be able to offer some assistance as I have what sounds like what you are trying to do in production.

The way I have configured my IAS is to send filter-id attributes back to the controller. I then use the filter-id to create server rules and assign user-roles based on that filter-id.

aaa profile "CORPORATE-aaa-profile"
authentication-dot1x "CORPORATE-dot1x-profile"
dot1x-default-role "guest"
dot1x-server-group "CORPORATE-server-group"

aaa server-group "CORPORATE-server-group"
auth-server IAS02
auth-server IAS03
set role condition Filter-Id equals "Staff" set-value AD-Staff
set role condition Filter-Id equals "Students" set-value AD-Student

If this sounds like what your are trying to do let me know and I will be happy to help.

Frequent Contributor II
Posts: 110
Registered: ‎12-07-2007

Re: IAS Authentication and Aruba Roles

I've done the same but I used the "Class" attribute. Works very well. It helps if the return attribute has the same name as your AD group (for the human side of things, not technical side). Make sure to put the policies in order you want them on the radius server since it is possible users are members of more than one group (we have to put IT policy before employee policy else IT would get employee role).
Search Airheads
Showing results for 
Search instead for 
Did you mean: