Controller-less WLANs

Why Vlan is not assigned correctly when operator type is set as "equals" in Tunnel-Private-Group-Id?

Aruba Employee
Q:

Why Vlan is not assigned correctly when operator type is set as "equals" in Tunnel-Private-Group-Id in CPPM server?



A:

The cause of this issue is if radius server is CPPM, it will return tag and Tunnel-Private-Group-Id value which is causing it.

it doesn't match derivation rules when operator type is set to "equals".
 
CPPM return result from captures:
 
AVP: l=7  t=Tunnel-Private-Group-Id(81) Tag=0x01: v200
    Tag: 0x01
    Tunnel-Private-Group-Id: v200
 
Free-radius and win2008 radius server return results:


AVP: l=6  t=Tunnel-Private-Group-Id(81): v200
    Tunnel-Private-Group-Id: v200      
 
The work around is to tweak the tag value to zero.  Below is the steps to tweak the value. 
 
Enable the Avenda dictionary in Admin -> Radius -> Dictionary -> Avenada -> Enable.
then in the enforcement policy, also add RADIUS:Avenda:Avenda-tag-Id => 0 which will set the tag value to 0x00 and then AOS/IAP should be able to parse out the integer correctly.
 

 

 

Version history
Revision #:
2 of 2
Last update:
‎02-20-2017 12:19 PM
Updated by:
 
Labels (2)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.