Wireless Access

Reply
New Contributor

One SSID, Multiple Groups and Multiple VLANs

Is it possible to implement the following scenario using Aruba Controller and Microsoft NPS.

I would like to use one SSID and put users to a different vlan using their AD Group membership. I know this is working I have tested it, but what if we have multiple buildings and they are using different VLAN IDs?

 

For example

Building 1

AD Group Sales --> VLAN ID 10

AD Group Engineer --> VLAN ID 11

AD Group Marketing --> VLAN 12

 

Building 2

AD Group Sales --> VLAN ID 20

AD Group Engineer --> VLAN ID 21

AD Group Marketing --> VLAN 22

 

and so on.

 

What is the best way to separate buildings in this configuration? Is it possible to use for example AP Group as NAS Identifier or something similar? Then I could create specific rule in NPS.

 

Is this possible?

 

New Contributor

Re: One SSID, Multiple Groups and Multiple VLANs

I figured this out. Just duplicate the radius server settings and create a new server group for every building. Define different NAS ID for every building. After that it is just creating NPS network policies.

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Two-SSID-s-using-802-1x-authentication-with-same-Radius-server/td-p/39038

 

Any other options to implement this?

Guru Elite

Re: One SSID, Multiple Groups and Multiple VLANs

Without ClearPass, that is your option.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: