Wireless Access

Hi Guys.

The client is running a 7010 Controller OS 8.2.0.2. 

Their corprate network uses 802.1x Auth to radius on AD. 

They want to make it so that if a mobile device auths to the radius it must push that mobile device to a different VLAN. and not go on to the corp network. 

Is it possible to do that or must a person use clearpass for that?

Any help will be apreciated.

Regards

There is quite a few ways to do this, depending on how your environment is set up. You can specify a VLAN within a User Role. An attribute returned from the RADIUS server to the controller can used to determine the User Role assigned to the client. So depending on your AD structure, this maybe possible.

http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-the-server-rule-quot-Attribute-Filter-Id-Operation-value/ta-p/272241

You can also do this via DHCP Finger printing:

http://www.arubanetworks.com/assets/vrd/AOS-DHCP-FingerPrint-AppNote.pdf

You can also configure the AAA dot1x profile to assign a User Role to client if they have passed User Authentication, Machine Authentication or both User and Machine authentication.

*edit - See p240 of the below guide.Machine Authentication Default User Role / Machine Authentication Default Machine Role

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=28794 

Hi.

Thanks for the quick repsonce. 

We will look into those when we get the chance.

Regards