05-04-2011 07:58 AM
Here's a bit more explanation. Our current setup has an Enterprise network using RADIUS for authentication. There is a guest network using Captive Portal and the Internal DB (we provision guest users ad-hoc).
We also have some conference centers. When a big group of guests comes in for a few days in one of these rooms it is not efficient to provision 30-40 individual accounts for this. Instead we'd like to have one account we can put up on the board for these guests to use. However! We don't want these users to be able to get onto the regular Guest network.
Our Guest network covers the whole campus (20 buildings). I am creating a new SSID just for conference rooms that will only be available in those rooms.
Basically I want it so that GuestA can log on to the guest network anywhere, on the existing SSID, but cannot log onto the Conference SSID. Then I want Conf_GuestB to be able to log on to the Conference Rooms SSID, but not the existing Guest network.
Is this possible when using the Internal DB for both? I'm afraid that even with two AAA profiles, if they both point to the Internal DB, any user in the DB will be authenticated.
05-04-2011 08:15 AM
Aruba Customer Engineering
05-04-2011 09:01 AM
What attributes can you look at in the Internal DB for rule derivation? I tried User-Name, but that does not seem to be working. Can you use derivation rules with the Internal DB?
05-04-2011 09:04 AM
05-04-2011 09:15 AM
Thanks for the reply. It's not so much the role though that's the issue. In fact, I don't have a problem with the Conference users having the same role as guest users. It's more about where the Conference SSID is available. I want the Conference SSID to only be advertised by APs located within Conference rooms. That part's easy. I just created a Conference SSID profile, VAP and AP group. The hard part is making it so that the 'conference user' can only log on to the Conference SSID (and not able to log on to the guest SSID).
05-04-2011 09:17 AM
But until that happens, I'm still trying to maybe work it out with role derivation. I just don't know if role derivation works with the Internal DB.
05-04-2011 01:08 PM