Controller Based WLANs

Can I derive vlan based on roles in 6.3?

Aruba Employee
The answer is Yes Role based vlan derivation is still possible in 6.3. However if you have 8021x authentication enabled , it would not work in intermediary roles in 6.3.
 
(Aruba) (config) #user-role guest
(Aruba) (config-role) #vlan ?
STRING                  VLAN ID or Named VLAN
 
 
Role Based VLANs from the intermediate Machine Roles “Machine Authentication: Default Machine Role” and “Machine Authentication: Default User Role” will not be supported. 
In case both Machine Authentication and User Authentication succeeds, derivations of all the VLANs as of today will continue to be supported. 
 
Existing behavior: 
=============
       If Machine Authentication is configured and during Machine Authentication or User Authentication without passing Machine Authentication, none of the server attributes are honored. Once Machine Authentication passes, a User gets the “Machine Authentication: Default Machine Role” and if User Authentication passes without Machine Authentication passing, a User gets “Machine Authentication: Default User Role”. As far as VLAN derivation is concerned for the above two cases, the only derivations possible are the Role Based VLANs from the above two roles. In case of both Machine Authentication and User Authentication Pass, the server attributes during the User Authentication are honored.
  
In 6.3 the design has been changed:- 
===========================
With machine authentication enabled, the VLAN to which a client is assigned (and from which the client obtains its IP address) depends upon the success or failure of the machine and user authentications. The VLAN that is ultimately assigned to a client can also depend upon attributes returned by the authentication server or server derivation rules configured on the controller. If machine authentication is successful, the client is assigned the VLAN configured in the virtual AP profile. However, the client can be assigned a derived VLAN upon successful user authentication.
 
Refer for derivation process: 
====================
https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/How-does-L2-authentication-based-vlan-derivation-work-Explain-the-precedence-of-priority-levels

User-added image

 

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 12:06 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.