02-23-2012 12:03 AM
I created a few organization units, and I want users who connect to the network to be assigned to their respective VLAN according to their organization unit in Active Directory.
02-23-2012 07:24 AM
Is it for an L2 auth or an L3 auth like captive portal?
If it is an L2 auth like .1x, you can use the server derivation rules to manipulate the roles and VLAN.
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.
02-23-2012 08:19 AM
You are probably going to have to set up RADIUS via Microsoft IAS, assuming you are just using LDAP. Also, you won't be able to do this if you are just using an open SSID with captive portal.
How is your SSID set up?
02-23-2012 03:23 PM
Thanks for the reply. I am using .1x authentication and using RADIUS via Microsoft IAS. Do you mean assigning the correct server rules will achieve this?
02-24-2012 12:19 AM
There are two parts to this:
First, you must create the policies on IAS. It should read something like: if users belong to group_A, then return a value of group_A for your attribute (attribute == class in your example below). You would continue to define additional rules for the rest of your groups.
On the controller side, you perform a mapping that says, if the attribute / value pair is class == group_A, then assign Role_A.
** If you leverage VSA, then you can save a step and not have to define the RADIUS server rules on the controller. The value coming back on the VSA must match the name of the role.
** I indicate role in my example because your VLAN is a component of the role and you also have the option to define an ACL along with it.
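
The controller-side half of the mapping described in this thread, as an added example in ArubaOS CLI form that is not from any of the posters. `group_A` and `Role_A` come from the last post; `group_B`, `Role_B`, the VLAN IDs, the server name `IAS-1` and the server-group name `ias-dot1x` are assumptions for illustration.

```text
! Added example: names and VLAN IDs below are hypothetical.
! Each role carries its VLAN; session ACLs can be attached to the same role.
user-role Role_A
   vlan 10
!
user-role Role_B
   vlan 20
!
! Server derivation rules sit on the server group used for 802.1X.
! IAS-1 is assumed to be an already-defined RADIUS server entry for the IAS host.
! The value compared here must match what the IAS policy returns in Class.
aaa server-group "ias-dot1x"
   auth-server IAS-1
   set role condition Class equals "group_A" set-value Role_A
   set role condition Class equals "group_B" set-value Role_B
!
```

A user whose returned Class value matches neither rule gets no role from these rules, so the default role for the SSID should be a restrictive one rather than a role with broad access.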