Remote Networking

Reply
Occasional Contributor I
Posts: 9
Registered: ‎09-09-2010

Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

This seems to almost work, but I have a hurdle I can't quite get/overcome:

I am using a RAP2 tied to a 650 controller which is working with Radius/AD via a Cisco ACS 5.1 server.

In my perfect world, I would be able to assign end user ports and SSIDs into an appropriate vlan based on the user's AD group. I am testing this with a wired port first.

Everything seems to work 'okay' in that I can authenticate, and see the user get placed in the correct role - the problem is that although I have the vlan set in the user-role, the wired port stays in vlan 1. Am I misunderstanding the use of the 'vlan' command when coupled with the 'user-role'?

Any thoughts?

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

ap-group TECHSUP-RAP2-APGROUP8
enet1-port-profile DYN-TECHSUP-1X-ACCESS-WIRED-PORT-PROFILE
ap-system-profile GVSU-RAP-SYS-PROFILE

ap wired-port-profile DYN-TECHSUP-1X-ACCESS-WIRED-PORT-PROFILE
wired-ap-profile DYN-ACCESS-WIRED-AP-PROFILE
aaa-profile DYN-TECHSUP-1X-SPLIT-AAA-PROFILE

user-role DYN-TECHSUP-SPLIT-ROLE
vlan 60
access-list session TECHSUP-SPLIT-ACL

aaa profile DYN-TECHSUP-1X-SPLIT-AAA-PROFILE
authentication-dot1x GVSU-1X
dot1x-server-group GVSUAAA-RADIUS

ap wired-ap-profile DYN-ACCESS-WIRED-AP-PROFILE
wired-ap-enable
forward-mode split-tunnel
! yes - no vlan assigned here... how do I get it to be dynamic based on role?

aaa server-group GVSUAAA-RADIUS
auth-server CISCO-ACS-1X
set role condition Class equals "TSR" set-value DYN-TECHSUP-SPLIT-ROLE
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Use show user-table verbose to see what VLAN the USER ends up in.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎09-09-2010

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Hi Colin...

Seems to get dumped into vlan 1 (which I believe is the default for a "ap wired-ap-profile" where the vlan isn't specified.
(VPN-ARUBA-AL1) #show user-table verbose

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Server Vlan Bwm
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ------ ---- ---
172.25.101.17 00:16:76:d6:ca:ae freitagb DYN-TECHSUP-SPLIT-ROLE 00:04:21 802.1x-Wired freitagb-rap2-0d02 Wired(Remote) 10.4.18.49:0/1 DYN-TECHSUP-1X-SPLIT-AAA-PROFILE split tunnel CISCO-ACS-1X 1 (1)
.....

Is there a step I'm missing to make this work correctly?
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Turn on user logging to see why it ends up in that VLAN:

config t
logging level debug user

show log user 50


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎09-09-2010

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Hi Colin,

I decided to try and move to wireless to continue testing my ideas... as I've found a fair amount of odd behavior on the wired side (hence the reason for my move to 6.0 code).

In the same authentication scenario as with wired, I connect to the SSID get authenicated, the logic fires and I get placed on the correct VLAN (according to the logs) 69, but the reality is that my machine is still in the initial vlan configured under "wlan virtual-ap" - 398.

Jan 8 17:58:35 :522036: |authmgr| MAC=00:19:d2:27:59:0a Station DN: BSSID=00:24:6c:a0:d0:20 ESSID=N69SGVSU VLAN=398 AP-name=freitagb-rap2-0d02
Jan 8 17:58:35 :522004: |authmgr| MAC=00:19:d2:27:59:0a ingress 0x10d8 (tunnel 24), u_encr 1024, m_encr 1024, slotport 0xfc1 , type: remote, FW mode: 3, AP IP: 10.4.18.52
Jan 8 17:58:35 :522004: |authmgr| station free: bssid=00:24:6c:a0:d0:20, @=0x107e02dc
Jan 8 17:58:35 :522035: |authmgr| MAC=00:19:d2:27:59:0a Station UP: BSSID=00:24:6c:a0:d0:20 ESSID=N69SGVSU VLAN=398 AP-name=freitagb-rap2-0d02
Jan 8 17:58:35 :522004: |authmgr| MAC=00:19:d2:27:59:0a ingress 0x10d8 (tunnel 24), u_encr 1024, m_encr 1024, slotport 0xfc1 , type: remote, FW mode: 3, AP IP: 10.4.18.52
Jan 8 17:58:35 :522004: |authmgr| user has not changed essid, skipping cleanup
Jan 8 17:58:35 :522004: |authmgr| Deriving role from user attributes
Jan 8 17:58:35 :522004: |authmgr| Programming the RAP for station 00:19:d2:27:59:0a:00:24:6c:a0:d0:20 - VLAN :
Jan 8 17:58:35 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 10, AP IP: 10.4.18.52, flags : 0
Jan 8 17:58:36 :522038: |authmgr| MAC=00:19:d2:27:59:0a IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=CISCO-ACS-1X
Jan 8 17:58:36 :522004: |authmgr| Auth done called from Authenticated state
Jan 8 17:58:36 :522044: |authmgr| MAC=00:19:d2:27:59:0a Station authenticate(start): method=802.1x, role=DYN-TECHSUP-SPLIT-ROLE/DYN-TECHSUP-SPLIT-ROLE/, VLAN=398/69/69/0/0, Derivation=2/3, Value Pair=1
Jan 8 17:58:36 :522017: |authmgr| MAC=00:19:d2:27:59:0a IP=?? Derived role 'DYN-TECHSUP-SPLIT-ROLE' from server rules: server-group=GVSUAAA-RADIUS, authentication=802.1x
Jan 8 17:58:36 :522004: |authmgr| {L2} Update role from DYN-TECHSUP-SPLIT-ROLE to DYN-TECHSUP-SPLIT-ROLE for IP=0.0.0.0
Jan 8 17:58:36 :522004: |authmgr| Station authenticate has l2 role :DYN-TECHSUP-SPLIT-ROLE default role logon logon role logon
Jan 8 17:58:36 :522023: |authmgr| MAC=00:19:d2:27:59:0a Derived VLAN 69 from server rules: server-group=GVSUAAA-RADIUS
Jan 8 17:58:36 :522004: |authmgr| Station authenticate has derived a new vlan 69
Jan 8 17:58:36 :522004: |authmgr| Valid Dot1xct, remote:1, assigned:69, default:398,current:69,termstate:0, wired:0,dot1x enabled:1, psk:0 static:0 bssid=00:24:6c:a0:d0:20
Jan 8 17:58:36 :522004: |authmgr| Vlan assignment is not needed during station authentication
Jan 8 17:58:36 :522029: |authmgr| MAC=00:19:d2:27:59:0a Station authenticate: method=802.1x, role=DYN-TECHSUP-SPLIT-ROLE/DYN-TECHSUP-SPLIT-ROLE/, VLAN=398/69/69/0/0, Derivation=2/3, Value Pair=1
Jan 8 17:58:36 :522008: |authmgr| User Authentication Successful: username=freitagb MAC=00:19:d2:27:59:0a IP=10.10.2.95 role=DYN-TECHSUP-SPLIT-ROLE VLAN=69 AP=freitagb-rap2-0d02 SSID=N69SGVSU AAA profile=TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE auth method=802.1x auth server=CISCO-ACS-1X

Also odd, when I first connect the wireless, I see vlan/bwm both listed as 398 - when I do a "aaa user delete" and it comes back it reads as 398/69....

What is bwm?

(VPN-ARUBA-AL1) #show user-table verbose | include frei
10.10.2.95 00:19:d2:27:59:0a freitagb DYN-TECHSUP-SPLIT-ROLE 00:00:18 802.1x freitagb-rap2-0d02 Associated(Remote) N69SGVSU/00:24:6c:a0:d0:20/g TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE split tunnel CISCO-ACS-1X 398 (398)

(VPN-ARUBA-AL1) #show user-table verbose | include frei
10.10.2.95 00:19:d2:27:59:0a freitagb DYN-TECHSUP-SPLIT-ROLE 00:00:18 802.1x freitagb-rap2-0d02 Associated(Remote) N69SGVSU/00:24:6c:a0:d0:20/g TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE split tunnel CISCO-ACS-1X 398 (69)

I feel like there's just some little switch I'm not throwing somewhere...
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Disconnect the client. Do a "aaa user delete all". Connect the client. Do a "show log user 50"


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎09-09-2010

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Thanks Colin.

In this particular case, I didn't get assigned to the appropriate VLAN (even in the logs).... the logs also look different than what I posted a while ago.

(VPN-ARUBA-AL1) #aaa user delete all
6 users deleted

(VPN-ARUBA-AL1) #show log user 50

Jan 8 18:29:55 :522006: |authmgr| MAC=00:19:d2:27:59:0a IP=10.10.2.95 User entry added: reason=Auth Request
Jan 8 18:29:55 :522004: |authmgr| Station inherit: IP=10.10.2.95 start bssid:00:24:6c:a0:d0:20 essid: N69SGVSU port:0x100d (0x100d)
Jan 8 18:29:55 :522004: |authmgr| {L3} Update role from logon to DYN-TECHSUP-SPLIT-ROLE for IP=10.10.2.95
Jan 8 18:29:55 :522004: |authmgr| user_authenticate : Sending SOS_USER_ACTION_ADD for updation to RAP 10.10.2.95: IP=10.10.2.95, Role: DYN-TECHSUP-SPLIT-ROLE, ACL:58, authtype:4
Jan 8 18:29:55 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 18, AP IP: 10.4.18.52, flags : 0
Jan 8 18:29:55 :522008: |authmgr| User Authentication Successful: username=freitagb MAC=00:19:d2:27:59:0a IP=10.10.2.95 role= DYN-TECHSUP-SPLIT-ROLE VLAN=398 AP=freitagb-rap2-0d02 SSID=N69SGVSU AAA profile=TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE auth method=802.1x auth server=CISCO-ACS-1X
Jan 8 18:29:55 :522004: |authmgr| station inherit IP=10.10.2.95 bssid:00:24:6c:a0:d0:20 essid: N69SGVSU auth:1 type:802.1x role:DYN-TECHSUP-SPLIT-ROLE port:0x100d
Jan 8 18:29:55 :522004: |authmgr| rap user : Sending SOS_USER_ACTION_ADD to RAP 10.10.2.95: IP=10.10.2.95, Role: DYN-TECHSUP-SPLIT-ROLE, ACL:58, authtype:4
Jan 8 18:29:55 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 18, AP IP: 10.4.18.52, flags : 0
Jan 8 18:29:55 :522004: |authmgr| user_miss from RAP:10.4.18.52, (Wireless) user IP:10.10.2.95, VLAN:398, BSSID:00:24:6c:a0:d0:20:AP:freitagb-rap2-0d02
Jan 8 18:29:55 :522004: |authmgr| Station inherit: IP=10.10.2.95 start bssid:00:24:6c:a0:d0:20 essid: N69SGVSU port:0x100d (0x100d)
Jan 8 18:29:55 :522008: |authmgr| User Authentication Successful: username=freitagb MAC=00:19:d2:27:59:0a IP=10.10.2.95 role= DYN-TECHSUP-SPLIT-ROLE VLAN=398 AP=freitagb-rap2-0d02 SSID=N69SGVSU AAA profile=TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE auth method=802.1x auth server=CISCO-ACS-1X
Jan 8 18:29:55 :522004: |authmgr| station inherit IP=10.10.2.95 bssid:00:24:6c:a0:d0:20 essid: N69SGVSU auth:1 type:802.1x role:DYN-TECHSUP-SPLIT-ROLE port:0x100d
Jan 8 18:29:55 :522004: |authmgr| rap user : Sending SOS_USER_ACTION_ADD to RAP 10.10.2.95: IP=10.10.2.95, Role: DYN-TECHSUP-SPLIT-ROLE, ACL:58, authtype:4
Jan 8 18:29:55 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 18, AP IP: 10.4.18.52, flags : 0
Jan 8 18:29:55 :522004: |authmgr| user_miss from RAP:10.4.18.52, (Wireless) user IP:10.10.2.95, VLAN:398, BSSID:00:24:6c:a0:d0:20:AP:freitagb-rap2-0d02
Jan 8 18:29:55 :522004: |authmgr| Station inherit: IP=10.10.2.95 start bssid:00:24:6c:a0:d0:20 essid: N69SGVSU port:0x100d (0x100d)
Jan 8 18:29:55 :522008: |authmgr| User Authentication Successful: username=freitagb MAC=00:19:d2:27:59:0a IP=10.10.2.95 role= DYN-TECHSUP-SPLIT-ROLE VLAN=398 AP=freitagb-rap2-0d02 SSID=N69SGVSU AAA profile=TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE auth method=802.1x auth server=CISCO-ACS-1X
Jan 8 18:29:55 :522004: |authmgr| station inherit IP=10.10.2.95 bssid:00:24:6c:a0:d0:20 essid: N69SGVSU auth:1 type:802.1x role:DYN-TECHSUP-SPLIT-ROLE port:0x100d
Jan 8 18:29:55 :522004: |authmgr| rap user : Sending SOS_USER_ACTION_ADD to RAP 10.10.2.95: IP=10.10.2.95, Role: DYN-TECHSUP-SPLIT-ROLE, ACL:58, authtype:4
Jan 8 18:29:55 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 18, AP IP: 10.4.18.52, flags : 0
Jan 8 18:29:55 :522004: |authmgr| user_miss from RAP:10.4.18.52, (Wireless) user IP:10.10.2.95, VLAN:398, BSSID:00:24:6c:a0:d0:20:AP:freitagb-rap2-0d02
Jan 8 18:29:55 :522004: |authmgr| Station inherit: IP=10.10.2.95 start bssid:00:24:6c:a0:d0:20 essid: N69SGVSU port:0x100d (0x100d)
Jan 8 18:29:55 :522008: |authmgr| User Authentication Successful: username=freitagb MAC=00:19:d2:27:59:0a IP=10.10.2.95 role= DYN-TECHSUP-SPLIT-ROLE VLAN=398 AP=freitagb-rap2-0d02 SSID=N69SGVSU AAA profile=TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE auth method=802.1x auth server=CISCO-ACS-1X
Jan 8 18:29:55 :522004: |authmgr| station inherit IP=10.10.2.95 bssid:00:24:6c:a0:d0:20 essid: N69SGVSU auth:1 type:802.1x role:DYN-TECHSUP-SPLIT-ROLE port:0x100d
Jan 8 18:29:55 :522004: |authmgr| rap user : Sending SOS_USER_ACTION_ADD to RAP 10.10.2.95: IP=10.10.2.95, Role: DYN-TECHSUP-SPLIT-ROLE, ACL:58, authtype:4
Jan 8 18:29:55 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 18, AP IP: 10.4.18.52, flags : 0
Jan 8 18:29:55 :522004: |authmgr| user_miss from RAP:10.4.18.52, (Wireless) user IP:10.10.2.95, VLAN:398, BSSID:00:24:6c:a0:d0:20:AP:freitagb-rap2-0d02
Jan 8 18:29:55 :522004: |authmgr| Station inherit: IP=10.10.2.95 start bssid:00:24:6c:a0:d0:20 essid: N69SGVSU port:0x100d (0x100d)
Jan 8 18:29:55 :522008: |authmgr| User Authentication Successful: username=freitagb MAC=00:19:d2:27:59:0a IP=10.10.2.95 role= DYN-TECHSUP-SPLIT-ROLE VLAN=398 AP=freitagb-rap2-0d02 SSID=N69SGVSU AAA profile=TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE auth method=802.1x auth server=CISCO-ACS-1X
Jan 8 18:29:55 :522004: |authmgr| station inherit IP=10.10.2.95 bssid:00:24:6c:a0:d0:20 essid: N69SGVSU auth:1 type:802.1x role:DYN-TECHSUP-SPLIT-ROLE port:0x100d
Jan 8 18:29:55 :522004: |authmgr| rap user : Sending SOS_USER_ACTION_ADD to RAP 10.10.2.95: IP=10.10.2.95, Role: DYN-TECHSUP-SPLIT-ROLE, ACL:58, authtype:4
Jan 8 18:29:55 :522004: |authmgr| 00:19:d2:27:59:0a: Sending STM new Role ACL : 58, and Vlan info: 398, action : 18, AP IP: 10.4.18.52, flags : 0
Jan 8 18:29:56 :522038: |authmgr| MAC=00:1e:7a:c3:10:d2 IP=0.0.0.0 Authentication result=Authentication Successful method=MAC server=Internal
Jan 8 18:29:56 :522004: |authmgr| MAC=00:1e:7a:c3:10:d2 IP=0.0.0.0: MAC auth success: entry-type=L2, bssid=01:80:c2:00:00:03
Jan 8 18:29:56 :522044: |authmgr| MAC=00:1e:7a:c3:10:d2 Station authenticate(start): method=MAC, role= DENY-ANY-ROLE//, VLAN=398/0/0/0/0, Derivation=10/0, Value Pair=1
Jan 8 18:29:56 :522004: |authmgr| {L2} GVSU-SPLIT-ROLE from profile "GVSU-WIRED-MAC-SPLIT-AAA-PROFILE"
Jan 8 18:29:56 :522004: |authmgr| {L2} Update role from DENY-ANY-ROLE to GVSU-SPLIT-ROLE for IP=0.0.0.0
Jan 8 18:29:56 :522004: |authmgr| station_authenticate : Sending SOS_USER_ACTION_SETACL for updation to RAP 10.4.18.25: IP=??, Role: GVSU-SPLIT-ROLE, ACL:56, authtype:2, ingress=4097
Jan 8 18:29:56 :522004: |authmgr| 00:1e:7a:c3:10:d2: Sending STM new Role ACL : 53, and Vlan info: 398, action : 10, AP IP: 10.4.18.25, flags : 0
Jan 8 18:29:56 :522004: |authmgr| Station authenticate has l2 role :GVSU-SPLIT-ROLE default role DENY-ANY-ROLE logon role logon
Jan 8 18:29:56 :522004: |authmgr| No dot1xctx, remote:1, assigned:398, default:398,current:0,termstate:0, wired:1,dot1x enabled:0, psk:0 static:0 bssid=00:24:6c:c2:17:64
Jan 8 18:29:56 :522004: |authmgr| Vlan assignment is not needed during station authentication
Jan 8 18:29:56 :522029: |authmgr| MAC=00:1e:7a:c3:10:d2 Station authenticate: method=MAC, role=GVSU-SPLIT-ROLE//, VLAN=398/0/0/0/0, Derivation=1/0, Value Pair=1
Jan 8 18:29:56 :522004: |authmgr| {L3} Update role from GVSU-SPLIT-ROLE to GVSU-SPLIT-ROLE for IP=10.10.197.29
Jan 8 18:29:56 :522004: |authmgr| user_authenticate : Sending SOS_USER_ACTION_ADD for updation to RAP 10.10.197.29: IP=10.10.197.29, Role: GVSU-SPLIT-ROLE, ACL:53, authtype:2
Jan 8 18:29:56 :522004: |authmgr| 00:1e:7a:c3:10:d2: Sending STM new Role ACL : 53, and Vlan info: 398, action : 18, AP IP: 10.4.18.25, flags : 0
Jan 8 18:29:56 :522008: |authmgr| User Authentication Successful: username=00:1e:7a:c3:10:d2 MAC=00:1e:7a:c3:10:d2 IP=10.10.197.29 role=GVSU-SPLIT-ROLE VLAN=398 AP=stackm-rap2-1763 SSID=N/A AAA profile=GVSU-WIRED-MAC-SPLIT-AAA-PROFILE auth method=MAC auth server=Internal
Jan 8 18:29:57 :503188: |stm| |voice| |vm| vm_update_vc_stat_queue: vc 10.10.198.251, bssid 00:0b:86:b7:1c:d1, 0 report in list
Jan 8 18:29:57 :503188: |stm| |voice| valid_report: vc 10.10.198.251, No active call..

(VPN-ARUBA-AL1) # show user-table verbose | include fre
10.10.2.95 00:19:d2:27:59:0a freitagb DYN-TECHSUP-SPLIT-ROLE 00:00:00 802.1x freitagb-rap2-0d02 Associated(Remote) N69SGVSU/00:24:6c:a0:d0:20/g TECHSUP-WIFI-1X-SPLIT-AAA-PROFILE split tunnel CISCO-ACS-1X 398 (398)

I thought the user_miss from RAP:10.4.18.52 message was interesting..


Thanks again for your thoughts on the issue..
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Please publish the output of "show rights DYN-TECHSUP-SPLIT-ROLE"

thanks.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎09-09-2010

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

(VPN-ARUBA-AL1) #show rights DYN-TECHSUP-SPLIT-ROLE

Derived Role = 'DYN-TECHSUP-SPLIT-ROLE'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Assigned VLAN = 69
Periodic reauthentication: Disabled
ACL Number = 58/0
Max Sessions = 65535


access-list List
----------------
Position Name Location
-------- ---- --------
1 TECHSUP-SPLIT-ACL

TECHSUP-SPLIT-ACL
-----------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dhcp permit Low 4
2 VOIP VOIP SVC-RTP permit High 46 4
3 VOIP CALLMANAGER any permit High 46 4
4 CALLMANAGER VOIP any permit High 46 4
5 user TECHSUP-ACCESS any permit Low 4
6 TECHSUP-ACCESS user any permit Low 4
7 user 224.0.0.0 255.0.0.0 any permit Low 4
8 TECHSUP-ACCESS TECHSUP-ACCESS any permit Low 4
9 user any any route src-nat Low 4

Expired Policies (due to time constraints) = 0
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Dynamic Vlan assignment on RAP2 Wired Port? (and wireless eventually)

Is this a tunneled SSID or a split-tunneled SSID?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: