Wireless Access

Reply
Occasional Contributor I

Move Mobile devices to different VLAN.

Hi Guys.

 

The client is running a 7010 Controller OS 8.2.0.2. 

Their corprate network uses 802.1x Auth to radius on AD. 

They want to make it so that if a mobile device auths to the radius it must push that mobile device to a different VLAN. and not go on to the corp network. 

Is it possible to do that or must a person use clearpass for that?

Any help will be apreciated.

 

Regards

 

 

Re: Move Mobile devices to different VLAN.

There is quite a few ways to do this, depending on how your environment is set up. You can specify a VLAN within a User Role. An attribute returned from the RADIUS server to the controller can used to determine the User Role assigned to the client. So depending on your AD structure, this maybe possible.

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-the-server-rule-quot-Attribute-Filter-Id-Operation-value/ta-p/272241


You can also do this via DHCP Finger printing:

 

http://www.arubanetworks.com/assets/vrd/AOS-DHCP-FingerPrint-AppNote.pdf

 

You can also configure the AAA dot1x profile to assign a User Role to client if they have passed User Authentication, Machine Authentication or both User and Machine authentication.

 

*edit - See p240 of the below guide.Machine Authentication Default User Role / Machine Authentication Default Machine Role

 

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=28794 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: Move Mobile devices to different VLAN.

Hi.

 

Thanks for the quick repsonce. 

We will look into those when we get the chance.

 

Regards

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: