Wireless Access

New Contributor
Posts: 1
Registered: ‎05-12-2017

IAP-205 with NPS and AD Groups as ACLs

Hello all,

I have the following Wireless infrastructure:
IAP 205 -> 3 Hidden SSIDs -> Auth via NPS RADIUS.

The issue I am facing is that I've created 3 Active Directory groups called:
IT
Sales
RnD

I also created 3 NPS rules with the same names as the groups above.
How can I tell Aruba or the NPS that only users in IT can join the IT SSID, Sales can join Sales, and so on? Right now IT can join Sales and RnD, Sales can join IT and RnD, and so on.

Thank you all
MVP
Posts: 402
Registered: ‎07-26-2011

Re: IAP-205 with NPS and AD Groups as ACLs


The easiest way to achieve this would be using RADIUS attributes and the Aruba-Essid-Name attribute sent in the RADIUS packet. So your NPS policy would only send an ACCEPT if the Aruba-Essid-Name was correct. However, some NPS do not support some RADIUS attributes. If not, you can use the following workaround below. This is for a physical controller based solution; however, the concept is still the same for Instants.

http://community.arubanetworks.com/t5/Security/Two-SSID-s-using-802-1x-authentication-with-same-Radius-server/td-p/39038

ACMA, ACMP
If my post addresses your query, give kudos:)
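
The check described in the reply above, modelled in Python as an added example that is not part of the thread and is not NPS configuration: it pulls Aruba-Essid-Name out of an Access-Request's attribute bytes and accepts only when the user's group matches the SSID. The vendor ID 14823 and sub-attribute number 5 are assumed from the Aruba RADIUS dictionary, and the SSID names, `SSID_TO_GROUP` and all function names are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute type (RFC 2865)
ARUBA_VENDOR_ID = 14823   # assumption: Aruba enterprise number from its RADIUS dictionary
ARUBA_ESSID_NAME = 5      # assumption: Aruba-Essid-Name sub-attribute number

# Hypothetical policy: SSID name -> AD group allowed to join it.
SSID_TO_GROUP = {"IT": "IT", "Sales": "Sales", "RnD": "RnD"}

def essid_from_attributes(attrs: bytes):
    """Walk the RADIUS attribute TLVs and return Aruba-Essid-Name, or None."""
    i = 0
    while i + 2 <= len(attrs):
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("malformed attribute length")
        value = attrs[i + 2:i + a_len]
        i += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor,) = struct.unpack("!I", value[:4])
        if vendor != ARUBA_VENDOR_ID:
            continue
        sub, j = value[4:], 0
        while j + 2 <= len(sub):  # one VSA may carry several sub-attributes
            s_type, s_len = sub[j], sub[j + 1]
            if s_len < 2 or j + s_len > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if s_type == ARUBA_ESSID_NAME:
                return sub[j + 2:j + s_len].decode("utf-8", "replace")
            j += s_len
    return None

def decide(attrs: bytes, user_groups: set) -> str:
    """Accept only when the SSID is known and the user is in its group."""
    required = SSID_TO_GROUP.get(essid_from_attributes(attrs))
    if required is None or required not in user_groups:
        return "Access-Reject"  # fail closed on a missing or unknown SSID
    return "Access-Accept"

def vsa(essid: str) -> bytes:
    """Build a constructed Aruba-Essid-Name VSA to use as sample input."""
    body = struct.pack("!IBB", ARUBA_VENDOR_ID, ARUBA_ESSID_NAME,
                       len(essid) + 2) + essid.encode()
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body
```

A request that carries no Aruba-Essid-Name is rejected rather than matched on group alone, which is the gap that lets every group join every SSID when the rules test only group membership.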