05-13-2016 01:05 AM
We're currently using Cisco ACS 5.x for our VPN user database. Currently we use RADIUS to set the user's inner VPN IP and an inner VLAN (Cisco VPN). When we use that database for Aruba VIA VPN, we're surprised: the IP and the VLAN from RADIUS are used in the VIA client. And that is the basis of my questions:
- We need to set a different IP for Aruba VPN (different subnet). Is Aruba AP IP address usable here for that? If I work with the internal server and set an IP for the user, it also works with the VIA client. So I need to "prefer" or "ignore" that other VSA.
- We need to "ignore" the VLAN VSA because on Aruba we use an IP pool.
Does anyone know how to overwrite server VSAs or how to customize the settings on the controller?
In our constellation we need a way to run both in parallel: the old Cisco VPN and the new Aruba VPN, where Cisco needs the IP and VLAN VSA, and a "static" IP for Aruba VIA users (a Host-VIA-Pool with one IP doesn't work).
Thanks in advance for Feedback!
05-13-2016 02:23 AM
Unfortunately, Radius VSAs are at the top of the priority list and cannot be filtered out. You might have to choose to duplicate your authentication scheme and make one for Aruba and one for Cisco.
Aruba Customer Engineering
05-13-2016 02:56 AM
We are trying to configure a rule/scheme on the ACS for that situation. Is there any "list" that shows the RADIUS VSAs that the Aruba controller accepts "anyway" with high priority?