Wireless Access

Occasional Contributor I
Posts: 6
Registered: ‎12-16-2011

Radius server to Guest VLAN

I have a 650 controller running 6.1.2 software -- I currently have 2 VLANs set up: Vlan1 for employees that need access to network resources, using a radius server for access and checking Active Directory for a role to allow access. I also have Vlan10 for guests, set up utilizing the internal database for authentication. We have to add users to allow them on the guest VLAN. This works fine since we have very few guest users.

What I would like is to allow normal, low-level employees with BYOD to log in to the guest network using their Windows user name and password from the radius server. They would only be allowed to have external internet access, and not the rest of the internal network.

Is there a way to authenticate from 2 different servers on the Guest VLAN - or do I have to set up a separate VLAN for BYOD internet access?


Barry

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Radius server to Guest VLAN



In the Captive Portal Authentication Profile for your guest SSID (Configuration > Authentication > Layer3 authentication > Captive Portal Authentication Profile) there is a server group. The server group normally only includes the internal server. Edit that server group and add your radius server, but enable "Fail Through" on the server group and it will allow users from AD to connect.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎12-16-2011

Re: Radius server to Guest VLAN

Put that in -- it does authenticate to the Radius Server, but denies me because it is using PAP -- my radius server wants to see PEAP. Is there a way to make it use encryption?

 

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Radius server to Guest VLAN

It is hashed with the pre-shared key of the radius server. Jon Green wrote about this a couple of days ago. Please search for PAP.


Colin Joseph
Aruba Customer Engineering
