ArubaOS and Controllers

Reply
Guru Elite
Posts: 7,841
Registered: ‎09-08-2010

Private IP Address until authentication

Hello - We use public class B direct assignment for our IP address space and we have found that many addresses are wasted by users simply sitting in the login role as they walk through the buildings (mostly mobile devices).

Has anyone used private addresses for pre-authentication and then once the user is authenticated, move them to a public campus address? Is this possible?

Thanks

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

What can be done

What you would need to make this work is:

- A DHCP server that can be configured with lease times of seconds
- A "logon" role with the initial VLAN hardcoded
- A "success role" with that new VLAN hardcoded

The user would first sit in the logon role in that initial VLAN with a very short DHCP lease time. After the user authenticates, the user would be switched to a different "success" VLAN, but the client would NOT be able to pass traffic until an IP address from the new VLAN was received---that is where the short lease time comes in. The client will request a new IP and get placed into the new VLAN. Very tricky, but possible. The key is to have a DHCP server that allows you to configure scopes in seconds...

NAT, would be another suggestion.....
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: