Controllerless Networks

Reply
Aruba
Posts: 1,290
Registered: ‎08-29-2007

Assign the instant controller-assigned vlan to a vlan-derivation rule, and still be nat'd?

I see on the Instant that the config for the controller-assigned vlan, or magic vlan is 3333.  If I have a vlan-derivation rule that specifies vlan 3333 currently it says that is reserved.

 

This could be handy to quarantine certain clients depending on the attribute received and to just dump them into the controller-assigned vlan with appropriate restricted role.

 

I have just raised a feature request, but was wondering what others thought of that?  Would it be useful, or would you use it that way?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 562
Registered: ‎11-28-2011

Re: Assign the instant controller-assigned vlan to a vlan-derivation rule, and still be nat'd?

In principal this sounds like a pretty good idea.

 

I do wonder how easy the developers would find it to implement though due to software?

 

Just to throw an idea out though an extention to the idea, what might be handy (if it didn't do it by default), would be the capability for the IAP to accept the returned role of "Internal CP". This would potentially have the net-effect of presenting a captive portal?

Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba
Posts: 1,290
Registered: ‎08-29-2007

Re: Assign the instant controller-assigned vlan to a vlan-derivation rule, and still be nat'd?

You can assign a captive portal profile to a role in the Instants now.

 

In my case above, the portal says 'Your device is not permitted to use this network etc'.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 562
Registered: ‎11-28-2011

Re: Assign the instant controller-assigned vlan to a vlan-derivation rule, and still be nat'd?

Ahhh, good work. I never got around to testing this yet. Might try it some day.

 

In which case, if your RADIUS server returned two variables (when possible) of the role and vlan, that would be handy?

Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba
Posts: 1,290
Registered: ‎08-29-2007

Re: Assign the instant controller-assigned vlan to a vlan-derivation rule, and still be nat'd?

You can also assign the role based on attributes like this,

 

Instant-Aruba-User-Role.jpg

 

And then in the role you can force it to a particular vlan.

 

Instant-assign-vlan.jpg

 

If you send back the attribute Aruba-User-Vlan it seems it won't automatically be in the vlan, but you could do it like this as well.

 

Instant-ssid-vlan-assignment.jpg

 

But alas, in each case you can't specify the vlan to be 3333.

 

I've tested all the above and works well.  The Instants are certainly coming along, compared to when they were first released.

 

Hope that helps.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Search Airheads
Showing results for 
Search instead for 
Did you mean: