Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Force client to VLAN

  • 1.  Force client to VLAN

    Posted Nov 27, 2012 04:33 PM

    Hello,

     

    We have a wireless network that is configured with wireless VLAN pooling.  Is there a way to force a specific client to one of the VLANs?

     

    Thanks in advance!



  • 2.  RE: Force client to VLAN

    Posted Nov 27, 2012 06:35 PM

    Why do you need to do this?

    If you can explain it to us, maybe we can give you a better solution....

     

    I think you can do it with user role assignment... but still, it would be nice if you could explain your scenario to us.

     



  • 3.  RE: Force client to VLAN

    Posted Nov 27, 2012 08:52 PM

    If this is an 802.1x authenticated network, you could assign the VLAN through a returned attribute and a server derived rule on the controller.   

     

    On the controller you'd configure a server derived rule on the server group and on the RADIUS server you'd configure a rule/policy to assign the Aruba-User-Vlan attribute to that particular user.   The method will vary depending on the RADIUS implementation.

     

    Sample config on the controller.  This will set the VLAN value to whatever is returned in the Aruba-User-Vlan attribute.

     

    aaa server-group "name-of-server-group"
      set vlan condition "Aruba-User-Vlan" value-of position 1

     

    You could also assign a unique role for that user that would have a VLAN assigned to it.
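
Added example, not part of the original post: a Python sketch of how the Aruba-User-Vlan value travels inside a RADIUS Vendor-Specific attribute, useful when checking a packet capture against what the server-derived rule will read. The vendor ID 14823 and sub-attribute number 2 come from the standard Aruba RADIUS dictionary, not from this thread; the sample user and VLAN 120 are constructed.

```python
import struct

VENDOR_SPECIFIC = 26     # RADIUS attribute type for vendor attributes (RFC 2865)
ARUBA_VENDOR_ID = 14823  # Aruba enterprise number (from the Aruba dictionary)
ARUBA_USER_VLAN = 2      # Aruba-User-Vlan, 32-bit integer (from the Aruba dictionary)


def encode_user_vlan(vlan_id: int) -> bytes:
    """Build the Vendor-Specific attribute carrying Aruba-User-Vlan."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    sub = struct.pack("!BBI", ARUBA_USER_VLAN, 6, vlan_id)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), ARUBA_VENDOR_ID) + sub


def extract_user_vlan(attrs: bytes):
    """Walk a RADIUS attribute list; return the Aruba-User-Vlan value or None."""
    pos = 0
    while pos + 2 <= len(attrs):
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("malformed attribute length")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != ARUBA_VENDOR_ID:
            continue  # some other vendor's attribute
        sub, spos = value[4:], 0
        while spos + 2 <= len(sub):
            s_type, s_len = sub[spos], sub[spos + 1]
            if s_len < 2 or spos + s_len > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if s_type == ARUBA_USER_VLAN and s_len == 6:
                vlan = struct.unpack("!I", sub[spos + 2:spos + 6])[0]
                if not 1 <= vlan <= 4094:
                    raise ValueError(f"VLAN ID out of range: {vlan}")
                return vlan
            spos += s_len
    return None


# Constructed sample: attributes of an Access-Accept (User-Name "alice", VLAN 120)
SAMPLE_ATTRS = b"\x01\x07alice" + encode_user_vlan(120)
```
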



  • 4.  RE: Force client to VLAN

    Posted Nov 27, 2012 09:35 PM

    Thanks for the responses. 

     

    Basically my problem stems from my web filter.  I need to be able to track web usage by LDAP username.  Our web filter has no support for RADIUS so I can't see anyone authenticating against the Aruba captive portal.  My only option is to ditch the Aruba captive portal for now and use the web filter captive portal.  However, there are specific devices I want to force into a VLAN where I will, in turn, create DHCP entries to force an IP by MAC address.  I can whitelist the devices by IP.  I'm looking at less than 20 devices, so whatever I do is a short term solution until I can get a web filter that has proper RADIUS support, even if it is a clunky option.

     

    Unfortunately, no 802.1x at this time. 



  • 5.  RE: Force client to VLAN

    Posted Nov 27, 2012 10:22 PM

    That would be really hard to do

    How many users do you have?

     

    You could use a /22 or /23 with drop broadcast/multicast and ditch the VLAN pooling while you get a solution.... If you suppress broadcast with this option, then it's a viable option :)

    You will have them all in one VLAN... but of course it depends on how many users you have.

     

    I send you a private message with a webfilter solution that you can consider.

     

    Cheers

    Carlos