Wireless Access

Reply
Frequent Contributor II

Role-Based Vlan Pools

Is there a way to set a server rule under an Authentication Server Group so that a user gets assigned to a VLAN Pool as opposed to just specific VLAN?

Guru Elite

Re: Role-Based Vlan Pools

There is not a way at this time.

 

You may decide that you want to assign a group of users a different role, but just allow them to consume the same pool under the VAP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Role-Based Vlan Pools

Based on the information provided at the airheads conf this will available in the 6.3 AOS code
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: Role-Based Vlan Pools

Thanks, can you elaborate on how I could achieve what I'm looking for?

Re: Role-Based Vlan Pools

As Colin mention this type of setup unfortunately is not possible at the moment
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: Role-Based Vlan Pools

Okay.  I thought there might have been an alternative method to acheive what I wanted by this comment.

 

"You may decide that you want to assign a group of users a different role, but just allow them to consume the same pool under the VAP."

Guru Elite

Re: Role-Based Vlan Pools

The question is.... What are you trying to accomplish?  What is your situation?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Role-Based Vlan Pools

I would like to assign students who authenticate via 802.1x to be assigned to a VLAN Pool on the same SSID as everyone else.    As opposed to just a single VLAN.

Guru Elite

Re: Role-Based Vlan Pools

Okay, so you might want to turn it around, then:

 

Assign a pool of VLANs to the Virtual AP.  If a student authenticates via 802.1x just allow them on the radius server side or assign a role that does NOT have a VLAN assigned.  For others, you can assign them to a role that has a single VLAN tied to the role:

 

Your Virtual AP has vlans 10,20,30.

 

When your students authenticate, they will end up in one of those VLANs.

Say a faculty member authenticates, you can respond with the radius server with a single VLAN that you want faculty in, or a role that has a single VLAN tied to it.

 

Does that make sense?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Role-Based Vlan Pools

Absolutely.  I definitely follow your logic. 

 

Until they come out with the ability to do the role based stuff then I wouldn't be able to assign staff to a pool using the same SSID.

 

Thanks for all your input!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: