Security

Reply
Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

Location Based Services in Controller and AAA

I have a single SSID on my network and i want to offer LBS. How i can configure the LBS services based on AAA. I think that ap-group is the best option but the point is how my AAA will read ap-group attribute in order to decide which service should be allowed based on the ap-group. I need to know which AAA attribute will help to learn the ap-group in radius request?

 

Which AAA attribute i should use to get the ap-group information from controller in AAA request?

Guru Elite
Posts: 8,337
Registered: ‎09-08-2010

Re: Location Based Services in Controller and AAA

The AP group and AP name are both sent in the radius request. Which RADIUS server are you using?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

Re: Location Based Services in Controller and AAA

Thanks for your kind reply,

 

As of now any AAA just consider as standered AAA server which can authenticate any radius request.

 

I agree we are sending both but i need to hit the policy based on ap-group. which attribute of aaa i should consider it.

Guru Elite
Posts: 8,337
Registered: ‎09-08-2010

Re: Location Based Services in Controller and AAA

We would need to know what kind of radius server you are using in order to help.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 25
Registered: ‎06-23-2011

Re: Location Based Services in Controller and AAA

It is Accuries AAA

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Location Based Services in Controller and AAA

Ali Haider,

 

The radius attribute you are looking for is the Aruba-AP-Group attribute.  The Value is attribute Number 10 and Aruba is Vendor ID 14823.  Aruba sends the Ap-Group as a string value in authentication requests to the radius server.  If you can configure your radius server to identify that value, you might be able to accomplish what you want:

 

 

 

 

(Aruba7640-US) #show aaa radius-attributes | include Aruba
Aruba-Auth-SurvMethod             39     Integer      Aruba      14823
Aruba-Mdps-Max-Devices            18     Integer      Aruba      14823
Aruba-CPPM-Role                   23     String       Aruba      14823
Aruba-Mdps-Device-Version         21     String       Aruba      14823
Aruba-AirGroup-Shared-User        25     String       Aruba      14823
Aruba-Device-Type                 12     String       Aruba      14823
Aruba-Mdps-Device-Imei            16     String       Aruba      14823
Aruba-AP-Group                    10     String       Aruba      14823
Aruba-Named-User-Vlan             9      String       Aruba      14823
Aruba-Mdps-Device-Serial          22     String       Aruba      14823
Aruba-Mdps-Device-Name            19     String       Aruba      14823
Aruba-AS-User-Name                29     String       Aruba      14823
Aruba-AS-Credential-Hash          30     String       Aruba      14823
Aruba-Auth-Survivability          28     String       Aruba      14823
Aruba-Framed-IPv6-Address         11     String       Aruba      14823
Aruba-Priv-Admin-User             3      Integer      Aruba      14823
Aruba-AirGroup-Version            38     Integer      Aruba      14823
Aruba-WorkSpace-App-Name          31     String       Aruba      14823
Aruba-Template-User               8      String       Aruba      14823
Aruba-Location-Id                 6      String       Aruba      14823
Aruba-Mdps-Device-Profile         33     String       Aruba      14823
Aruba-AirGroup-Shared-Group       35     String       Aruba      14823
Aruba-AirGroup-User-Name          24     String       Aruba      14823
Aruba-Network-SSO-Token           37     String       Aruba      14823
Aruba-AirGroup-Shared-Role        26     String       Aruba      14823
Aruba-Mdps-Device-Iccid           17     String       Aruba      14823
Aruba-Port-Id                     7      String       Aruba      14823
Aruba-No-DHCP-Fingerprint         14     Integer      Aruba      14823
Aruba-Mdps-Provisioning-Settings  32     String       Aruba      14823
Aruba-Mdps-Device-Product         20     String       Aruba      14823
Aruba-User-Vlan                   2      Integer      Aruba      14823
Aruba-AirGroup-Device-Type        27     Integer      Aruba      14823
Aruba-User-Group                  36     String       Aruba      14823
Aruba-AP-IP-Address               34     IP Addr      Aruba      14823
Aruba-Mdps-Device-Udid            15     String       Aruba      14823
Aruba-Admin-Role                  4      String       Aruba      14823
Aruba-User-Role                   1      String       Aruba      14823
Aruba-Essid-Name                  5      String       Aruba      14823


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: