Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Server rules on Aruba 3400 controller and RADIUS Server

This thread has been viewed 0 times

  • 1.  Server rules on Aruba 3400 controller and RADIUS Server

    Posted Feb 10, 2015 03:31 PM
      |   view attached

    We have two 3400 controllers in production. We have recently upgraded Aruba OS to 6.3.1.15. Before upgrading we were on 6.3.1.14 and we have seen the following issue which is the main reason we upgraded to latest version after reading release notes.

     

    Issue:

    There are server rules define on aruba controller. We have one SSID. We have four set of users and respective VLANS.

     

    When a student connect to wireless he is assigned student role and respective vlan. Similar is the case with teachers, guest and admin staff.

     

    The issue we are facing is students are geeting the correct role however they are put in wrong vlan which belongs to staff/teachers. This has been happening on OS version 6.3.1.14 and 15. Before that it was running all good.

     

    I have checked our NPS servers thoroughly and nothing seems obvious. It is Aruba controller which is not putting users in correct vlan.

     

    May I know what could be the issue and how to go about it? I have attached snap shot of rules created two years ago and since then had no issues but only recently. Nothing has been changed.



  • 2.  RE: Server rules on Aruba 3400 controller and RADIUS Server

    Posted Feb 10, 2015 03:32 PM

    One thing to mention that it is not happening with all students. It happens randomly.



  • 3.  RE: Server rules on Aruba 3400 controller and RADIUS Server

    Posted Feb 10, 2015 05:17 PM
    Id look in the NPS logs and be sure it's matching the correct policy.


  • 4.  RE: Server rules on Aruba 3400 controller and RADIUS Server
    Best Answer

    Posted Feb 10, 2015 05:24 PM

    Thanks for the information.

    I read following article:

    http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php

     

    It is mentioned that user will be put in defualt VLAN if machine information is not present on RADIUS server. Since our clients are BYOD, thus machine information is not present anyway and thus it was putting clients in to the default VLAN that is the vlan set under VAP profile. I changed the vlan on vap profile so that users are put in respective vlan by default and for other users I have created server rule on Aruba controller.

     

    For now it sppears that it has solved the issue I was facing. However I am not sure why it didn't happen before.



  • 5.  RE: Server rules on Aruba 3400 controller and RADIUS Server

    Posted Feb 15, 2015 07:44 AM
    @fqureshi@rosmini.school.nz wrote:

    Thanks for the information.

    I read following article:

    http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php

     

    It is mentioned that user will be put in defualt VLAN if machine information is not present on RADIUS server. Since our clients are BYOD, thus machine information is not present anyway and thus it was putting clients in to the default VLAN that is the vlan set under VAP profile. I changed the vlan on vap profile so that users are put in respective vlan by default and for other users I have created server rule on Aruba controller.

     

    For now it sppears that it has solved the issue I was facing. However I am not sure why it didn't happen before.

    good question, i have seen this happen also. no issues since instalation and suddenly this starts happening. luckily it can be fixed, but it is weird.