Security

Reply
Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Server rules on Aruba 3400 controller and RADIUS Server

We have two 3400 controllers in production. We have recently upgraded Aruba OS to 6.3.1.15. Before upgrading we were on 6.3.1.14 and we have seen the following issue which is the main reason we upgraded to latest version after reading release notes.

 

Issue:

There are server rules define on aruba controller. We have one SSID. We have four set of users and respective VLANS.

 

When a student connect to wireless he is assigned student role and respective vlan. Similar is the case with teachers, guest and admin staff.

 

The issue we are facing is students are geeting the correct role however they are put in wrong vlan which belongs to staff/teachers. This has been happening on OS version 6.3.1.14 and 15. Before that it was running all good.

 

I have checked our NPS servers thoroughly and nothing seems obvious. It is Aruba controller which is not putting users in correct vlan.

 

May I know what could be the issue and how to go about it? I have attached snap shot of rules created two years ago and since then had no issues but only recently. Nothing has been changed.

Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Re: Server rules on Aruba 3400 controller and RADIUS Server

One thing to mention that it is not happening with all students. It happens randomly.

MVP
Posts: 288
Registered: ‎08-27-2012

Re: Server rules on Aruba 3400 controller and RADIUS Server

Id look in the NPS logs and be sure it's matching the correct policy.
ACDX #419 | ACMP |
Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Re: Server rules on Aruba 3400 controller and RADIUS Server

Thanks for the information.

I read following article:

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php

 

It is mentioned that user will be put in defualt VLAN if machine information is not present on RADIUS server. Since our clients are BYOD, thus machine information is not present anyway and thus it was putting clients in to the default VLAN that is the vlan set under VAP profile. I changed the vlan on vap profile so that users are put in respective vlan by default and for other users I have created server rule on Aruba controller.

 

For now it sppears that it has solved the issue I was facing. However I am not sure why it didn't happen before.

MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Server rules on Aruba 3400 controller and RADIUS Server


fqureshi@rosmini.school.nz wrote:

Thanks for the information.

I read following article:

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/802.1x.php

 

It is mentioned that user will be put in defualt VLAN if machine information is not present on RADIUS server. Since our clients are BYOD, thus machine information is not present anyway and thus it was putting clients in to the default VLAN that is the vlan set under VAP profile. I changed the vlan on vap profile so that users are put in respective vlan by default and for other users I have created server rule on Aruba controller.

 

For now it sppears that it has solved the issue I was facing. However I am not sure why it didn't happen before.


good question, i have seen this happen also. no issues since instalation and suddenly this starts happening. luckily it can be fixed, but it is weird.

Search Airheads
Showing results for 
Search instead for 
Did you mean: