Wireless Access

Occasional Contributor I

Override VLAN pool with another (Server rule)?

In attempt to reduce to the number of SSIDs on our network, I'd like our multiple groups of users (Students and Employees) to share the same SSID while keeping them on seperate VLAN pools. We have a the entire vlan pool (211-223) is assigned to a single VAP. 


Can you use a RADIUS filter-id attribute of a set vlan name/pool to override the default vlan pool? Say I have the following ones set up below.

Students - 211-218

Employees - 219-223


If it's not possible, I guess we could assume that creating one SSID for each group would be the easiest solution.



Frequent Contributor I

Re: Override VLAN pool with another (Server rule)?



you can send back vlan names (pools) back to the controller with vendor specific attributes from your radius server


for Microsoft NPS ie: Vendor ID (Aruba) 14823 Type: String : value 9 (= Aruba-Named-User-Vlan) (see screenshot in attachment, you will need to create 1 / policy)

for Clearpass: this is a built in attribute


Kind regards,


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: Override VLAN pool with another (Server rule)?

A radius VSA will override a Virtual AP VLAN or role setting, yes...  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/User_Role_Assignments.htm?Highlight=vsa



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: