Wireless Access

Reply
Contributor I
Posts: 33
Registered: ‎01-04-2014

How the controller tells the difference between users?

Hi everyone,

 

                    i have done  VLAN mapping to one SSID, so same ssid mapped to 2 different vlans,,,and i put them in different AP groups. this ssid is for guests in 2 diffrent floors.with 2 diffrent captive portals, which means the client will get an IP before he authenticates ( no ACS or clearpass), its an open authentication, The question is how can the controller tell the differnce between the users and map them to the right vlan?

 

thanks for clearing the issue.

Guru Elite
Posts: 8,451
Registered: ‎09-08-2010

Re: How the controller tells the difference between users?

Clone your virtual AP and AAA profiles and assign different pre-auth roles with the different captive portals attached.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 33
Registered: ‎01-04-2014

Re: How the controller tells the difference between users?

Thanks Tim, i will do it and get back to you.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: How the controller tells the difference between users?

Hi,

 

VLAN can be mapped to a user  through a role also. hence create different authenticated roles for each location and map different VLAN to those roles. here is the work around,

AP-Group-1

VAP-1-->

VALN- A

SSID-1

AAA-1-->Guest-Logon-Role-->CP-Profile-1-->Default Role-->Guest-Role-1

Guest-Role-1-->VLAN-X

 

AP-Group-2

VAP-2-->

VALN- A

SSID-1

AAA-2-->Guest-Logon-Role-->CP-Profile-2-->Default Role-->Guest-Role-2

Guest-Role-2-->VLAN-Y

 

AP-Group-3

VAP-3-->

VALN- A

SSID-1

AAA-3-->Guest-Logon-Role-->CP-Profile-3-->Default Role-->Guest-Role-3

Guest-Role-3-->VLAN-Z

 

For your ref :

Assigning Initial role for triggering CP-Profile

CP_2.png

Assigning CP-Profile to the Guest logon role:

 

CP_4.png

 

Mapping Guest authenticated role to CP-Profile :

CP1.png

Mapping VLAN to Guest Authenticated role :

CP_3.png

Please feel free for any further help on this.

 

 

 

In the above config, AP-Group of each location will have different AAA profiles with different CP-profile ,Default guest role with different VLAN, hence you can meet you can requirement.

 

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
Showing results for 
Search instead for 
Did you mean: