Security

Reply
MVP
Posts: 77
Registered: ‎03-09-2015

Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

[ Edited ]

Hi all,

I tried using a 'VLAN enforcement' template under Enforcement Profile.

But this is IETF based, and looks like this,

 

Type                        Name                                    Value
Radius:IETF            Session-Timeout                  10800
Radius:IETF            Termination-Action               RADIUS-Request (1)
Radius:IETF            Tunnel-Type                         VLAN (13)
Radius:IETF            Tunnel-Medium-Type           IEEE-802 (6)
Radius:IETF            Tunnel-Private-Group-Id      Enter VLAN --> I have purely entered the vlan id here

 

But I can't get it to work with an IAP/CPPM deployment.

 

The Radius type of 'Radius:Aruba', Attribute: 'Aruba-User-Vlan' works fine.

 

But id rather implement IETF type.... I'm going on the template offered by CPPM.. Should I be choosing other attributes ?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

The Aruba-User-Vlan option is recommended with Aruba equipment.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 77
Registered: ‎03-09-2015

Re: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

[ Edited ]

Implying it will not literally work, period, with IETF Radius attributes ?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

It should, but the Aruba VSA is one attribute vs 4+ for the IETF one. 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: