Controller Based WLANs

Can I restrict users connecting to multiple dot1x SSIDs with the same RADIUS server?

Environment: Controller with multiple dot1x SSIDs running 5.x and above code

 

Requirement:
Two SSIDs (for example, SSID 1 and SSID 2) both use the same RADIUS server (Microsoft NPS).
User A should connect only to SSID 1 and user B should connect only to SSID 2.
 
NPS cannot inspect the additional RADIUS attributes that Aruba sends to indicate which SSID a RADIUS authentication comes from. The Aruba controller sends the following additional parameters:
 
- Aruba-Essid-Name
- Aruba-Location-Id
- Aruba-AP-Group
- Aruba-User-Vlan
 
To get around this when using NPS, you can:
 
- Create 2 RADIUS server groups
- Duplicate your first RADIUS server (exact IP address, key, etc.)
- For each individual RADIUS server, edit the NAS-ID field to any text you want, to differentiate one from the other
- Use the NAS-ID as an additional rule on the NPS server
 
 
 
Version History
Revision #: 1 of 1
Last update: 04-07-2015 02:12 PM