Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

How can we use different Active Directory groups to give access to different networks?

This thread has been viewed 0 times

  • 1.  How can we use different Active Directory groups to give access to different networks?

    Posted Nov 10, 2015 11:08 AM

    Hi there.

    We have several small sites with Aruba 105/205 networks.  Each site may have several networks defined for different purposes (staff, guests etc). 

    Each AP is setup on the Radius server.

     

    The question is: how can we setup this infrastructure up so that each access to each SSID is controlled by AD group membership?  So some AD users may have access to SSID1 while not having access to SSID2?

     

    Regards,

    Ciaran Foster.

     



  • 2.  RE: How can we use different Active Directory groups to give access to different networks?

    EMPLOYEE
    Posted Nov 10, 2015 11:21 AM

    Clearpass can easily do this task. Basically, we can take the user context along with the SSID and location context into account to make intelligent policy decisions.



  • 3.  RE: How can we use different Active Directory groups to give access to different networks?

    Posted Nov 10, 2015 11:25 AM

    Hi there.

    Thanks for the prompt reply.

    Can you clarify whart Clearpass is?

    Is that a separate product we would need to purchase?

     

    My understandng is all we have are a selection of Aruba APs and we use Instant to configure these (create SSIDs etc).  I do not believe we have any other Aruba products here so are you saying I cannot implement this without extra software?

     

    Thanks and regards,

    Ciaran Foster.

     



  • 4.  RE: How can we use different Active Directory groups to give access to different networks?
    Best Answer

    EMPLOYEE
    Posted Nov 10, 2015 05:14 PM

    Clearpass is a AAA policy management solution leveraging RADIUS at its core. Yes - it's a separate product and in order to accomplish this, something like Clearpass would be recommended. 

     

    Your only other option is to use local user accounts in the IAP cluster vs. AD usernames and passwords.