Wireless Access

Reply
Occasional Contributor II
Posts: 14
Registered: ‎11-24-2014

Dynamic vlan assignment with radius and Aruba Controller

Hi,

I would like to configure and understand  how to dynamically assign vlan on one ssid by radius attribute? With other vendor this is more easy.

My environment is formed by 7240 controller and access point 135.

 

Who can help me ? i don' t find a document that describe this solution.

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Dynamic vlan assignment with radius and Aruba Controller

What radius server are you using?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 14
Registered: ‎11-24-2014

Re: Dynamic vlan assignment with radius and Aruba Controller

MICROSOFT IAS

MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Dynamic vlan assignment with radius and Aruba Controller

If you are making policy decisions based on different AD groups then you can use that in combination with a filter ID to assign a VLAN under the Controller Server Group
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 4,301
Registered: ‎07-20-2011

Re: Dynamic vlan assignment with radius and Aruba Controller

[ Edited ]

Another way you can do this that you assign different role using that same logic I mentioned and then assign the VLAN to the role

 

2014-12-19 09_01_08-Chrome Remote Desktop.png

 

2014-12-19 09_01_45-Switch General Configuration.png

 

2014-12-19 09_02_07-Security User Roles.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Moderator
Posts: 321
Registered: ‎08-28-2009

Re: Dynamic vlan assignment with radius and Aruba Controller

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Dynamic vlan assignment with radius and Aruba Controller

Hi Friend,

 

Adding to the reply by Victor here are steps to configure the RAS policy for dynamic VLAN assignment.

 

 

Select  New policy and give a name ( DemoPolicy)

 

IAS1.JPG

 

Select Wireless :

 

IAS2.JPG

Select the user group to map this policy (Manager is a group)

 

IAS3.JPG

 

Select  Grant RAS and click on Edit profile

ias4.JPG

Select Advanced Tab and select Add

 

ias5.JPG

 

Select Attribute name as either Filterid or "Vendor specific". to make your life simple select "Vendor Specific" and click on Add.

ias7.JPG

Select option, "Enter Vendor-code" the value for Aruba is 14823

 

Select option "It Confirms" and select "Configure Attributes"

 

ias9.JPG

 

Select the appropriate value and type as shown bellow. 

 

ias8.JPG

Here for returning VLAN id we should select attribute number as 2 and format  as Integer (Decimal) and finally enter the vlan id as the Attribute value.

 

ias10.JPG

 

The server side configuration is done.

 Now we should configure the server group to assign the return attribute ,

 

ias11.JPG

 

Another way is, map a VLAN to the user role and configure the IAS to return the role name 

 

How to map a VLAN to a Role:

 

ias12.JPG

 

Hope got more clarity,

 

Please feel free for any further help on this,

 

Have fun with Aruba :)

 

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II
Posts: 14
Registered: ‎11-24-2014

Re: Dynamic vlan assignment with radius and Aruba Controller

Thanks

 

i explain better :

 

In my environment i have different type of client, with different privilege on network, this type of client reside on  many different campus (different ap group), i have many vlan pool for each campus. The radius should return the value of vlan pool not the vlan. With the configuration shown i understand that is not very flexible...

For example on cisco wlc i only enable a flag to allow aaa override.

Occasional Contributor II
Posts: 14
Registered: ‎11-24-2014

Re: Dynamic vlan assignment with radius and Aruba Controller

The raiuds server sent back to controller the vlan pool, and is not flexible configure a static vlan.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Dynamic vlan assignment with radius and Aruba Controller

Hi Friend,

 

Aruba supports this feature,

 

You can return the VLAN name through RADIUS attribute and you can have a VLAN pool with that name in the controller.

 

for your ref :

 

I just configured an attribute to return value test.

 

radius1.JPG

I have configured the server group to assign a VLAN pool ( test ).

 

radius2.JPG

A VLAN pool with VLANs 11 and 20 :

radius3.JPG

An user got VLAN assignment through RADIUS .

radius4.JPG

 

 

Hope it is prooved :)

 

Please feel free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
Showing results for 
Search instead for 
Did you mean: