When the client completes authentication we can have user assigned to the specific vlan based on the attribute derived from the RADIUS server and his would assign an appropriate vlan to the user returned from the RADIUS server instead of the vlan specified on the VIirtual AP profile. Yes; no server derivation rule needs to configured on the controller and we can achieve this using two methods
FOR VSA : (Aruba2400) #show aaa radius-attributes | include 14823Aruba-Location-Id 6 String Aruba 14823Aruba-Template-User 8 String Aruba 14823Aruba-User-Role 1 String Aruba 14823Aruba-Port-Id 7 String Aruba 14823Aruba-Priv-Admin-User 3 Integer Aruba 14823Aruba-User-Vlan 2 Integer Aruba 14823Aruba-Essid-Name 5 String Aruba 14823Aruba-Named-User-Vlan 9 String Aruba 14823Aruba-Admin-Role 4 String Aruba 14823
FOR MSFT : · IETF 64 (Tunnel Type)—Set this to “VLAN” string· IETF 65 (Tunnel Medium Type)—Set this to 802· IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID (ex 40)
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.