03-09-2012 07:21 AM
We have a guest SSID broadcasted on Campus AP and Remote AP and we want to apply different policy to clients
connected to RAP. Is there any way to distinguish between client connected to CAP and client connected to RAP?
We are using RADIUS server for authentication.
03-09-2012 07:38 AM
Are the RAP and CAP are in different AP-group ?
If yes, you can use the same SSID profile with different AAA profile, you can map the respective roles to the users connecting CAP and RAP.
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
03-16-2012 08:24 AM
Yes, the CAP and RAP are in different AP groups.
The users that connect either to RAP or CAP are getting the same server derived role because they are authenticated
by the same network policy on the radius server. So by specifying different AAA profie with different default role does not help
because the default role will not be assigned if the server derived role is present.
If i move the RAP to a different controller then based on the NAS ID i can specify different value to the radius attribute on the
network policy and then the server derived role will be different. I tested this by moving the CAP to another controller and it works.
Is it possible to move the RAP from the master to a local controller?
03-16-2012 08:41 AM
Sure Remote APs (RAPs) can terminate on any reachable controller. You can set the LMS-IP address in the AP system profile within the AP-Group to the desired controller that you are trying to have the remote AP terminate upon.
LMS-IP field == controller to terminate upon (aka. users will 'pop up' on)
03-23-2012 03:42 PM