Wireless Access

Reply
Occasional Contributor II
Posts: 14
Registered: ‎08-31-2012

Force client to VLAN

Hello,

 

We have a wireless network that is configured with wireless vlan pooling.  Is there a way to force specific client to one of the VLANs?

 

Thanks in advance!

MVP
Posts: 2,987
Registered: ‎10-25-2011

Re: Force client to VLAN

[ Edited ]

Why you need to do this?

Is you can explain us maybe we can give you a better solution....

 

I think you can do it with user role assignment... but still it would be nice if you can explain us your scenario

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: Force client to VLAN

If this is an 802.1x authenticated network, you could assign the VLAN through a returned attribute and a server derived rule on the controller.   

 

On the controller you'd configure a server derived rule on the server group and on the RADIUS server you'd configure a rule/policy to assign the Aruba-User-Vlan attribute to that particular user.   The method will vary depending on the RADIUS implementation.

 

Sample config on the controller.  This will set the VLAN value to whatever is returned in teh Aruba-User-Vlan attribute.

 

aaa server-group "name-of-server-group"
  set vlan condition "Aruba-User-Vlan" value-of position 1

 

You could also assign a unique role for that user that would have a VLAN assigned to it.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor II
Posts: 14
Registered: ‎08-31-2012

Re: Force client to VLAN

Thanks for the responses. 

 

Basically my problem stems from my web filter.  I need to be able to track web usage by ldap username.  Our webfilter has no support for radius so I can't see anyone authenticating against the Aruba captive portal.  My only option is to ditch the Aruba captive portal for now and use the web filter captive portal.  However, there are specific devices I want to force into a VLAN where I will in turn, create DHCP entries to force an IP by MAC address.  I can white list the devices by IP.  I'm looking at less than 20 devices, so whatever I do is a short term solution until I can get a web filter that has proper radius support, even if it is a clunky option.

 

Unfortunately, no 802.1x at this time. 

MVP
Posts: 2,987
Registered: ‎10-25-2011

Re: Force client to VLAN

[ Edited ]

That would be really hard to do

How many users do you have?

 

You could use a /22 or /23 with drop  broadcast/multicast  and dish while you get a solution the vlan poolin....if you supress broadcast with this option, then its a viable option :)

You will have them all in one vlan... but of course it depends how many users you have?

 

I send you a private message with a webfilter solution that you can consider.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: