MVP
Posts: 287
Registered: ‎11-04-2008

When “Aruba-User-Vlan” is not available for ClearPass to steer

 

We are using Vlans to segment the network, and the ClearPass attribute “Aruba-User-Vlan” would steer users to their Vlans according to their department. The problem is that when users roam out of their layer-3 boundary, the Vlans that they belong to are not there, so they get a 169 IP address.

 

Questions: Can ClearPass or the controller move users to the default Vlan that is defined in the virtual-AP profile if their assigned Vlans are not available? Or do you have any other suggestions for roamed users?

 

Best Regards,

 

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 20,812
Registered: ‎03-29-2007

Re: When “Aruba-User-Vlan” is not available for ClearPass to steer

When you say "out of their layer 3 boundary" do you mean to a different WLAN controller?  If that is the case, you should use a VLAN name that is defined locally on each controller and send that VLAN name attribute from CPPM, instead of a VLAN number.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 287
Registered: ‎11-04-2008

Re: When “Aruba-User-Vlan” is not available for ClearPass to steer

 

Yes, users roam to a different local controller where their Vlans are not available.

I've never used a VLAN name, so pardon my unawareness. When a VLAN name is defined at the local controller, how does it put users to their resources? Tunnel back to the master controller?

 

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 20,812
Registered: ‎03-29-2007

Re: When “Aruba-User-Vlan” is not available for ClearPass to steer

The short answer is that you define a VLAN name.  You assign that VLAN name to a Virtual AP instead of a VLAN number.  On each controller (master and local), you define what vlan number that name maps to.  In CPPM, you just return the VLAN name attribute with the VLAN name.  The local controller will put the user in the VLAN number associated to the name returned from CPPM.

 

An article on VLAN names is here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-a-named-VLAN-and-how-do-I-configure-it/ta-p/181562

 



Colin Joseph
Aruba Customer Engineering
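
Added example, not part of the thread and not Aruba's code: a small Python audit of the named-VLAN approach described in the reply above, checking that every VLAN name the policy server can return is mapped on every controller a user may roam to. The controller names, VLAN names and VLAN numbers are constructed sample data.

```python
# Constructed sample data: VLAN name -> local VLAN number on each controller.
CONTROLLER_VLAN_NAMES = {
    "master":  {"dept-finance": 110, "dept-hr": 120, "guest": 900},
    "local-a": {"dept-finance": 210, "dept-hr": 220, "guest": 900},
    "local-b": {"dept-finance": 310, "guest": 900},  # dept-hr not defined here
}

# Constructed: VLAN names the RADIUS policy may return, keyed by department.
POLICY_VLAN_NAMES = {"Finance": "dept-finance", "HR": "dept-hr"}


def resolve(controller, vlan_name, maps=CONTROLLER_VLAN_NAMES):
    """VLAN number this controller maps the name to, or None if unmapped."""
    return maps.get(controller, {}).get(vlan_name)


def missing_mappings(policy=POLICY_VLAN_NAMES, maps=CONTROLLER_VLAN_NAMES):
    """(controller, vlan_name) pairs where a returnable name has no local mapping."""
    return sorted(
        (ctrl, name)
        for ctrl in maps
        for name in set(policy.values())
        if resolve(ctrl, name, maps) is None
    )


def controllers_lacking_number(vlan_id, maps=CONTROLLER_VLAN_NAMES):
    """Controllers where a fixed VLAN number is not configured at all."""
    return sorted(c for c, m in maps.items() if vlan_id not in m.values())


if __name__ == "__main__":
    # The same name resolves to a different local number on each controller.
    for ctrl in CONTROLLER_VLAN_NAMES:
        print(ctrl, "dept-finance ->", resolve(ctrl, "dept-finance"))
    # A fixed number only works where that number happens to exist.
    print("number 110 absent on:", controllers_lacking_number(110))
    # Names that still need a mapping before roaming users can land there.
    print("names to add:", missing_mappings())
```
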
