Security

Reply
Occasional Contributor II

Radius Authentication with Aruba Controller

authentication with External Radius Server is our senerio 

radius server return packet to controller with the assigned vlan to the user after authentication process complete 

For specific SSID can we handle the vlan assignment by the controller after authentication process complete by the external radius 

Kindly advice ASAP

thanks

Ess Lam 

Guru Elite

Re: Radius Authentication with Aruba Controller

Yes, do you have the Aruba radius dictionary installed?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Radius Authentication with Aruba Controller

thanks for your replay 

no , it is not installed yet 

how can i find it ?

how this will help me ?

 

 

 

Guru Elite

Re: Radius Authentication with Aruba Controller

What radius server are you using?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Radius Authentication with Aruba Controller

juniper unified access control 

is there is any document explaining Aruba radius dictionary ?

Guru Elite

Re: Radius Authentication with Aruba Controller

You would have to search juniper's website on how to install the Aruba radius dictionary. 

 

The attribute you should return from Juniper UAC to set the user Vlan is "Aruba-User-Vlan"           



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Radius Authentication with Aruba Controller

As i explained in first massage i want this senrio for specific ssid , not for all returned attribute from radius server ,how can i manage that ?

Radius server return Vlan ID for all user while in one SSID , i want to assign the vlan id from controller 

 

Guru Elite

Re: Radius Authentication with Aruba Controller

- you need to load the Aruba radius VSA on the Juniper Device.

 

Next, you will need to check on the Juniper if the "Aruba-Essid-Name" attribute matches the SSID that you want to deal with.  You will then have to return the "Aruba-User-Vlan" attribute with the VLAN that you want the user to be in.

 

You cannot accomplish this without loading the Aruba radius VSA into your Juniper radius server.  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Radius Authentication with Aruba Controller

after installing Aruba radius dictionary in juniper unified Access control there is no option to define user by SSID name i can't make policy or role to return "Aruba-User-Vlan" is there is any idea of How to Assign Vlan from controller while the radius Return Attribute with assigned vlan , i tried to use server group rule but it didn't work kindly Advice
Guru Elite

Re: Radius Authentication with Aruba Controller

You should contact Juniper for the answers to those questions.  http://kb.juniper.net/InfoCenter/index?page=answers&type=search&searchid=1259419773780&question_box=aruba&cntnt=Knowledge_Base&cntnt=Technical_Documentation

 

 

 Maybe someone uses Juniper UAC and can reply here.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: