Wireless Access

Reply
Occasional Contributor I
Posts: 5
Registered: ‎08-02-2016

Override VLAN pool with another (Server rule)?

In attempt to reduce to the number of SSIDs on our network, I'd like our multiple groups of users (Students and Employees) to share the same SSID while keeping them on seperate VLAN pools. We have a the entire vlan pool (211-223) is assigned to a single VAP. 

 

Can you use a RADIUS filter-id attribute of a set vlan name/pool to override the default vlan pool? Say I have the following ones set up below.

Students - 211-218

Employees - 219-223

 

If it's not possible, I guess we could assume that creating one SSID for each group would be the easiest solution.

 

 

Frequent Contributor I
Posts: 79
Registered: ‎10-15-2012

Re: Override VLAN pool with another (Server rule)?

[ Edited ]

Hi,

 

you can send back vlan names (pools) back to the controller with vendor specific attributes from your radius server

 

for Microsoft NPS ie: Vendor ID (Aruba) 14823 Type: String : value 9 (= Aruba-Named-User-Vlan) (see screenshot in attachment, you will need to create 1 / policy)

for Clearpass: this is a built in attribute

 

Kind regards,

Thomas
ACMX#370 ACCP

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: Override VLAN pool with another (Server rule)?

A radius VSA will override a Virtual AP VLAN or role setting, yes...  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/User_Role_Assignments.htm?Highlight=vsa

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: