Can I restrict users connecting to multiple dot1x SSIDs with same Radius server?

Aruba Employee
Aruba Employee

Environment : Controller with multiple dot1x SSIDs running 5.x and above code


Two SSID's (example SSID 1 & SSID 2), both uses same RADIUS server (Microsft NPS), 
Requirement is that user A should connect only to SSID 1 and USER B should connect only to SSID 2. 
NPS cannot inspect additional radius attributes that Aruba sends that indicates what SSID a Radius Authentication comes from.  The Aruba controller sends the following additional parameters:
To get around this when using NPS, you can:
- Create 2 Radius Server Groups
- Duplicate your first Radius Server (exact ip address, key etc)
- For each individual Radius server, edit the NAS-ID field to any text you want to differentiate one from the other
- Use the NAS-ID as an additional rule on the NPS server
rtaImage (7).jpg
Version history
Revision #:
1 of 1
Last update:
‎04-07-2015 02:12 PM
Updated by:
Search Airheads
Showing results for 
Search instead for 
Did you mean: