Security

Hey all,

This might've been covered in another thread, and I'm sorry if it has, but I couldn't find it. To better define what I need, let me first crystallize the info:

1. Let's say that I have a group of Desktops and a group of Laptops as separately named containers in Active Directory

2. I am broadcasting two SSIDs - A = Blue, and B = Red

3. I would like to set up something on the Aruba controller side that states that if you belong to a certain group (AD), or even something internal to the Aruba controller, that you cannot see SSID A or B, i.e., if I'm in the Desktop group, then I can only see the "Red" SSID and not the blue one, and visa versa for Laptops.

Is this possible on the Aruba end? I'm positive that I read something somewhere about this a while ago, but because I'm inept I can't seem to find it again.

Thanks.

Hi, 

if i understand correctly, certain AD group can see the SSID "red" and hide SSID "blue". This is not configurable from Aruba side. As the beacons are broadcasted and its not based on AD group on the DC. even broadcasting beacons to certain clients are not possible.

what we can do to work around is hide the ssid, create a group policy and push the profile as per the group. in this case,  the users willbe connected directly to their respective ssid and they cannot see the SSIDs.  

Right, which is what we were looking at doing directly via GPO, I just wanted to see if there was a way we could deny SSID broadcast based off of device type on the Aruba side, but if it's not possible, that's ok. Maybe we can get that in a performance enhancement request eventually, along with an AP-Group report showing all APs in said group and what duplex and speed they're running :smileyvery-happy:

Thanks.

Thanks