Wireless Access

Reply
Occasional Contributor I

Override VLAN pool with another (Server rule)?

In attempt to reduce to the number of SSIDs on our network, I'd like our multiple groups of users (Students and Employees) to share the same SSID while keeping them on seperate VLAN pools. We have a the entire vlan pool (211-223) is assigned to a single VAP. 

 

Can you use a RADIUS filter-id attribute of a set vlan name/pool to override the default vlan pool? Say I have the following ones set up below.

Students - 211-218

Employees - 219-223

 

If it's not possible, I guess we could assume that creating one SSID for each group would be the easiest solution.

 

 

Frequent Contributor II

Re: Override VLAN pool with another (Server rule)?

Hi,

 

you can send back vlan names (pools) back to the controller with vendor specific attributes from your radius server

 

for Microsoft NPS ie: Vendor ID (Aruba) 14823 Type: String : value 9 (= Aruba-Named-User-Vlan) (see screenshot in attachment, you will need to create 1 / policy)

for Clearpass: this is a built in attribute

 

Kind regards,

Thomas
ACMX#370 ACCX#1000

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: Override VLAN pool with another (Server rule)?

A radius VSA will override a Virtual AP VLAN or role setting, yes...  http://www.arubanetworks.com/techdocs/ArubaOS_6.4.4.x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/User_Role_Assignments.htm?Highlight=vsa

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: