Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Authentication based on ESSID

  • 1.  Authentication based on ESSID

    Posted May 01, 2013 02:14 AM

    I have 2 departments, say D1 and D2. Users of D1 must connect to the SSID named Dep1 and users of D2 must connect to the SSID named Dep2. I have a server group as Internal, that's why users of D1 can connect to D2 and vice versa, but can we differentiate them using user derivation rules or by defining any server rules?



  • 2.  RE: Authentication based on ESSID

    Posted May 01, 2013 05:22 AM
    Hi Vinit. Doing this with one SSID might be easier by just placing the user in the appropriate role directly. But in the server group you can achieve the same by adding a server rule testing for Aruba-ssid-name and then placing the user in the appropriate role. You might need one server group for each SSID, only authenticating if the name of the SSID is the right one. See more help about server rules in the 6.2 user guide around pages 183-185.


  • 3.  RE: Authentication based on ESSID

    Posted May 01, 2013 05:14 PM

    Like jsolb says, you would probably be better off using only one SSID and setting the user role directly.

    If you have your users in the internal database, you can do this by setting the "Role" parameter for that user.

    If you have users in an external server, you can do the same by making a server rule and making the server return what role the user should have with, for example, filter-id, which is a common parameter for this usage.

     

    Also, just to add to jsolb's answer: if you still want to do role derivation based on ESSID, you can also do this by creating a user rule. You can make a user rule to set a role or a VLAN based on what ESSID the user is connected to.