Wireless Access

Currently, if someone needs a static IP for their client, we have to reserve it in each of the 4 lasee pools available to an ssid.  Is there a way to tell the controller to put this specifc client on the same vlan each time? 

We are on v3 code, due to be upgrading to v5 soon, but need a solution to keep us going.  We dont currently use .1x as Id read this could be used to achieve this.  We use an external server to manage dhcp, but dont know if using the controller to manage the leases would be any better?

Is there a way to say any clients with these MAC addresses, stick on this vlan?  We could then have a specific vlan for clients that need to have a static address, making management easy.

Thanks...

You can use the Mac address of the client 

If I go to that section, the gui is blank!! not the first time Ive had such problems with the gui....

Would this be correct syntax via cli?

aaa derivation-rules user STATIC-VLAN-ASSIGN
  set vlan condition macaddr equals "xx:xx:xx:xx:xx:xx" set-value VLANID

 VLANID = the numeric value of the vlan

Ive gone onto the conroller which has the client associiated with it, and I can actually see the rule I have created on the gui (although not on the master!).  But it has not hits.  I can see the client, and checked mac address etc, but doesnt seem to work.

Sk3l3tor,

Try to clear your browser cache to display the page properly.  

Unfortunately, the user derivation rule is only useful if you have a preshared key or "Open" network, because radius rules trump user derivation rules.

Turn on debugging for that user to see what is happening for sure.

You have to evaluate your options to see if what you have to do for this single device is too complicated and consider something else:

If this is one of quite a few devices that need to be on a specific VLAN, create a separate preshared key wireless network and assign all devices static ip addresses on that VLAN.  

If this is a single device, consider plugging it it, or we will have to create a rule on your radius server to send back an attribute when it sees that calling station-ID that matches mac address.  We would then have to write a server derivation rule on the Aruba controller that will put it into a role with a static VLAN.

Try to clear your browser cache to display the page properly.  

Already done this (cleared/reset...).  Can see page ok on other controller, but not the master!

Unfortunately, the user derivation rule is only useful if you have a preshared key or "Open" network, because radius rules trump user derivation rules.

We use preshared key.  Not made the move to .1x yet, although it is on the horizon.

Turn on debugging for that user to see what is happening for sure.

Will give this a go.

You have to evaluate your options to see if what you have to do for this single device is too complicated and consider something else:

If this is one of quite a few devices that need to be on a specific VLAN, create a separate preshared key wireless network and assign all devices static ip addresses on that VLAN.  

If this is a single device, consider plugging it it, or we will have to create a rule on your radius server to send back an attribute when it sees that calling station-ID that matches mac address.  We would then have to write a server derivation rule on the Aruba controller that will put it into a role with a static VLAN.

I niavely thought that simply creating a rule to put a deivce with specificed mac, on a specified vlan would do the trick  -  sounds easy! 

Thanks

Wouldn't you be able to attach the user rule (STATIC-VLAN-ASSIGN) to your AAA profile for either the AAA-802.1x or AAA-PSK profile?

Could you use also use the contains condition to just pull out the OUI information from the first 6 digits?