Wireless Access

last person joined: 19 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Radius server to Guest VLAN

This thread has been viewed 1 times

  • 1.  Radius server to Guest VLAN

    Posted Feb 17, 2012 12:15 PM

    I have a 650 controller running 6.1.2 software -- I currently have 2 VLANs setup Vlan1 for employees that need access to network resources using a radius server for access, Checking Active Directory for a role to allow access.  I also have Vlan10 for guest setup utilizing the internal database for authentication.  We have to add users to allow them on the guest VLAN.  This works fine since we have very few guest users.

     

    What I would like is to allow normal -low level employees wit BOYD to log in to the guest network using their windows user name and password from the radius server.  They would only be allowed to have external internet access, and not the rest of the internal network.

     

    Is there a way to authenticate from 2 different servers on the Guest VLAN - or do I have to set up a separate VLAN for BOYD internet access?

     

    Barry



  • 2.  RE: Radius server to Guest VLAN

    EMPLOYEE
    Posted Feb 17, 2012 01:14 PM
    bedwards@shamrockbank.com wrote:

    I have a 650 controller running 6.1.2 software -- I currently have 2 VLANs setup Vlan1 for employees that need access to network resources using a radius server for access, Checking Active Directory for a role to allow access.  I also have Vlan10 for guest setup utilizing the internal database for authentication.  We have to add users to allow them on the guest VLAN.  This works fine since we have very few guest users.

     

    What I would like is to allow normal -low level employees wit BOYD to log in to the guest network using their windows user name and password from the radius server.  They would only be allowed to have external internet access, and not the rest of the internal network.

     

    Is there a way to authenticate from 2 different servers on the Guest VLAN - or do I have to set up a separate VLAN for BOYD internet access?

     

    Barry

    In the Captive Portal Authentication Profile for your guest SSID (Configuration> Authentication> Layer3 authentication> Captive Portal Authentication Profile) there is a server group.  The server group normally only includes the internal server.  Edit that server group and add your radius server, but enble "Fail Through" on the server group and it will allow users from AD to connect.

     



  • 3.  RE: Radius server to Guest VLAN

    Posted Feb 21, 2012 03:57 PM

    Put that in -- it does authenticate to the Radius Server, but denies me because  it is using PAP -- my radius server wants to see PEAP.  Is there a way to make it use encryped?

     



  • 4.  RE: Radius server to Guest VLAN

    EMPLOYEE
    Posted Feb 21, 2012 04:54 PM
    It is hashed with the pre shared key of the radius server. Jon Green wrote about this a couple days ago. Please search for pap.