Security

Reply
Occasional Contributor II
Posts: 35
Registered: ‎04-29-2009

Radius assigned IP address ignored

I am trying to get my clients to use IP addresses assigned in my external Radius server, the IP address is getting returned by the AAA server, but the IP is ignored, and a DHCP address is given to the client (or none if no DHCP on the subnet).

Am I missing something basic here, I certainly assume this is possible. 

I can get the client assigned to the correct VLAN etc using server rules, but as I say the AAA defined IP for the client is ignored, is it something to do with the RFC 3576 option?

 

Regards

Andrew

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: Radius assigned IP address ignored

What method are you using?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 35
Registered: ‎04-29-2009

Re: Radius assigned IP address ignored

Not sure I follow what you mean by what method, on the AAA server end?

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: Radius assigned IP address ignored

How are you configuring things to return an ip address to the client?  Radius server assigned ip addresses normally only work with PPP or PPPOE connections, not 802.1x



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 35
Registered: ‎04-29-2009

Re: Radius assigned IP address ignored

Good point, sorry I have the wrong hat on today...

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: Radius assigned IP address ignored

[ Edited ]

You can send back a Aruba-Named-User-VLAN VSA to the controller to achieve the same thing http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Network_Parameters/About_VLAN_Assignments.htm

 

You need to:

 

Define a named Vlan or pool on your master controller

Map that name to a vlan or range of vlans on the local controller

Return a Aruba-Named-User-VLAN VSA matching that Vlan pool/name to the controller Via the radous serverpoolname.png

 This is supported in ArubaOS 6.3 and above.  To see if your version of ArubaOS can handle that attribute, run the following command:

 

(192.168.1.3) #show aaa radius-attributes | include Aruba-Named-User-Vlan
Aruba-Named-User-Vlan             9      String       Aruba      14823

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: