09-05-2012 02:49 PM
Hello. I have a need to create a RADIUS policy where the server will check if the user is allowed to connect to a specific WLAN based on their OU assignment in AD. Specifically, we need to restrict students and non-technical staff from being able to authenticate to the administrative WLAN. I was wondering if there is a whitepaper that is available.
09-05-2012 04:43 PM - edited 09-05-2012 04:48 PM
This involves two things: (one mandatory and one optional)
1. A RADIUS server-side rule to check things like SSID, AD Group, EAP Type and to return authentication status of "passed" to the Aruba controller. It can also send an attribute along with that positive authentication back to the Aruba controller.
2. A server derivation rule in the Aruba controller to process the attribute to put a user in a role.
How you write #1 depends 100% on your RADIUS server.
Please see this article for how to do it on a Microsoft RADIUS server: http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/How-do-I-configure-an-Aruba-controller-to-use-AD-groups-through/m-p/2501/highlight/true#M552
Here is an article to see what RADIUS attributes are sent to your Aruba controller from your RADIUS server: https://kb.arubanetworks.com/app/answers/detail/a_id/826
Aruba Customer Engineering
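The two-stage decision described in the answer above, modelled as an added example that is not part of the original thread and is not Aruba or Microsoft code. The SSIDs, group names, role names and rule tables are hypothetical, and using Filter-Id as the returned attribute is an assumption.

```python
# Added illustration: stage 1 is the RADIUS server-side rule, stage 2 is the
# controller's server derivation rule. All names and tables are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    ssid: str
    ad_groups: frozenset
    eap_type: str


# Stage 1: server-side rules, first match wins.
# (SSID, required AD group, allowed EAP types, Filter-Id value to return)
SERVER_RULES = [
    ("ADMIN-WLAN", "IT-Staff", {"PEAP", "EAP-TLS"}, "admin"),
    ("CAMPUS-WLAN", "Students", {"PEAP"}, "student"),
    ("CAMPUS-WLAN", "Staff", {"PEAP"}, "staff"),
]

# Stage 2: derivation rules map the returned attribute value to a user role.
DERIVATION_RULES = {"admin": "admin-role", "student": "student-role",
                    "staff": "staff-role"}
DEFAULT_ROLE = "restricted-role"  # applied when no derivation rule matches


def radius_decide(req):
    """Return (accepted, reply_attributes); no matching rule means reject."""
    for ssid, group, eap_types, filter_id in SERVER_RULES:
        if (req.ssid == ssid and group in req.ad_groups
                and req.eap_type in eap_types):
            return True, {"Filter-Id": filter_id}
    return False, {}


def controller_role(accepted, attrs):
    """Return the role for an accepted user, or None when rejected."""
    if not accepted:
        return None
    return DERIVATION_RULES.get(attrs.get("Filter-Id"), DEFAULT_ROLE)


def connect(req):
    """Run both stages for one request."""
    return controller_role(*radius_decide(req))


if __name__ == "__main__":
    student = AccessRequest("s1", "ADMIN-WLAN", frozenset({"Students"}), "PEAP")
    admin = AccessRequest("a1", "ADMIN-WLAN", frozenset({"IT-Staff"}), "PEAP")
    print(connect(student), connect(admin))
```

The student is rejected at stage 1, so the controller never assigns a role; an accepted user whose reply carries no matching attribute falls back to the restricted default role rather than inheriting an administrative one.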