Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

PEFNG License needed for 802.1X authenticated SSID with multiple user roles?

This thread has been viewed 0 times

  • 1.  PEFNG License needed for 802.1X authenticated SSID with multiple user roles?

    Posted Jul 23, 2018 05:36 AM

    Dear all,

     

    at a customer site we are about to install the following deployment:

    ~50 APs (305)

    ~Virtual Controller (AOS 8.3.0.1)

    ~Clearpass 6.7.4

    We want to deploy a single SSID (based on 802.1X EAP-PEAP) where users from multiple departments can authenticate (via Clearpass and AD). Based on their group affiliation on the AD, they are moved to different VLANs which are terminated at the central Firewall.

     

    Do we need PEFNG licenses on the controller to depict the roles on Clearpass derived from group affiliations from the AD? Or is a normal AP License enough for that usecase?

     

    Best regards :)

     



  • 2.  RE: PEFNG License needed for 802.1X authenticated SSID with multiple user roles?
    Best Answer

    EMPLOYEE
    Posted Jul 23, 2018 08:13 AM
    You should be able to return the user vlan in an enforcement profile using the Aruba-User-Vlan radius attribure on clearpass. That will return a different VLAN without using a role. That specifically would not require the PEFNG license.