08-02-2016 08:59 PM
In attempt to reduce to the number of SSIDs on our network, I'd like our multiple groups of users (Students and Employees) to share the same SSID while keeping them on seperate VLAN pools. We have a the entire vlan pool (211-223) is assigned to a single VAP.
Can you use a RADIUS filter-id attribute of a set vlan name/pool to override the default vlan pool? Say I have the following ones set up below.
Students - 211-218
Employees - 219-223
If it's not possible, I guess we could assume that creating one SSID for each group would be the easiest solution.
Solved! Go to Solution.
08-03-2016 05:21 AM - edited 08-03-2016 05:22 AM
you can send back vlan names (pools) back to the controller with vendor specific attributes from your radius server
for Microsoft NPS ie: Vendor ID (Aruba) 14823 Type: String : value 9 (= Aruba-Named-User-Vlan) (see screenshot in attachment, you will need to create 1 / policy)
for Clearpass: this is a built in attribute
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
08-03-2016 05:52 AM
A radius VSA will override a Virtual AP VLAN or role setting, yes... http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/User_Role_Assignments.htm?Highlight=vsa
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base