Wireless Access

Reply
Super Contributor II

POst auth VLAN change

I have a requirement to change the VLAN a client device is put on after PSK authentication. The SSID is shared with other devices that need to remain on the VLAN associated with the VAP. Has anyone implemented this based on perhaps a MAC address - the client are single manufacturer printers which should have only one or a small number of OUIs. Also the devices have statically assigned IP addresses.

Guru Elite

Re: POst auth VLAN change

You can do this with ClearPass or UDRs but the problem is that some devices don’t like to re-DHCP after a VLAN change.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: POst auth VLAN change

Trouble is they are static IPs so theres no DHCP. There is a clearpass at the customer but these devices are currently using a PSK for authentication. Can a UDR be used based on the OUI - I know you can do this with roles but I wasn't sure about VLANs.

Guru Elite

Re: POst auth VLAN change

You can do VLAN or user role.

 

udr-vlan.PNG


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: POst auth VLAN change

Made the change and it works a treat, thanks.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: