07-08-2012 09:32 AM
How would I implement the scenario below?
Two SSIDs (for example, SSID 1 & SSID 2) both use the same RADIUS server (Microsoft NPS). We want user A to be able to connect only to SSID 1 (for example), and user B to be able to connect only to SSID 2. Is this a RADIUS-only configuration, or do we set up any policy in the controller?
07-08-2012 11:42 AM
The true problem is that NPS cannot inspect additional radius attributes that Aruba sends that indicates what SSID a Radius Authentication comes from. The Aruba controller sends the following additional parameters:
To get around this when using NPS, you can:
- Create 2 Radius Server Groups
- Duplicate your first Radius Server (exact IP address, key, etc.)
- For each individual Radius server, edit the NAS-ID field to any text you want to differentiate one from the other
- Use the NAS-ID as an additional rule on the NPS server...
Does this make sense?
Aruba Customer Engineering
10-12-2014 10:26 PM
Hi Colin,
We have the exact requirement and tried this option with wireless policies on the NPS side to match a particular LDAP group and NAS ID as well. However, we have another policy below to match all users on the domain but no NAS ID. What we observe here is that if the first policy check fails, then users are getting connected using the policy that matches the domain user group without NAS ID. Is this an expected behavior?
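Added example (not part of any post in this thread, and not Aruba or Microsoft code): a simplified Python model of ordered, first-match policy evaluation, showing how the NAS-ID workaround behaves when a lower policy has no NAS-ID condition. Policy names, group names and NAS-ID strings are hypothetical, and the model assumes a request that fails one policy's conditions is tested against the next policy in order.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    name: str
    group: str                # Windows group condition
    nas_id: Optional[str]     # NAS-Identifier condition; None = no such condition

    def matches(self, request):
        # All conditions present on the policy must match the request.
        if self.group not in request["groups"]:
            return False
        return self.nas_id is None or self.nas_id == request["nas_id"]

def evaluate(policies, request):
    """Return (policy name, granted) for the first policy whose conditions match."""
    for policy in policies:
        if policy.matches(request):
            return policy.name, True
    return None, False        # nothing matched: access is rejected

# Constructed requests. "ssid1" stands for the NAS-ID set on the duplicated
# RADIUS server entry that SSID 1 uses (hypothetical value).
USER_A_ON_SSID1 = {"groups": {"Domain Users", "SSID1-Users"}, "nas_id": "ssid1"}
USER_B_ON_SSID1 = {"groups": {"Domain Users", "SSID2-Users"}, "nas_id": "ssid1"}

# Order described in the follow-up post: a domain-wide policy with no
# NAS-ID condition sits below the per-SSID policies.
LEAKY = [
    Policy("SSID1", "SSID1-Users", "ssid1"),
    Policy("SSID2", "SSID2-Users", "ssid2"),
    Policy("Domain-Any", "Domain Users", None),
]

# Same order, but every policy that can grant access carries a NAS-ID
# condition ("wired" is a hypothetical third NAS-ID).
SCOPED = [
    Policy("SSID1", "SSID1-Users", "ssid1"),
    Policy("SSID2", "SSID2-Users", "ssid2"),
    Policy("Domain-Wired", "Domain Users", "wired"),
]

if __name__ == "__main__":
    for label, policies in (("leaky", LEAKY), ("scoped", SCOPED)):
        print(label, "user B on SSID 1 ->", evaluate(policies, USER_B_ON_SSID1))
```

In the leaky ordering, user B on SSID 1 is granted by the domain-wide policy; once every granting policy is scoped to a NAS-ID, the same request matches nothing and is rejected.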