Wireless Access

Reply
Occasional Contributor II
Posts: 43
Registered: ‎11-22-2013

SSID Access Control

HI,

 

Do u have any ideas how to make these work:

 

1. students can only connect to student SSID ONLY

2. staff can only connect to staff SSID ONLY

 

for example:

 

- students wont be able to connect to staff SSID (fail to connect)

staffwont be able to connect to student SSID (fail to connect)

 

whats need to configure inside controller and Radius / LDAP

 

Thanks

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: SSID Access Control

[ Edited ]

Best practice would be to have a single SSID with roles being assigned by the RADIUS server.

 

What is your RADIUS server? ClearPass?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 43
Registered: ‎11-22-2013

Re: SSID Access Control

i cant do that because its in production. its not clearpass. normal radius. Can i do that ?

MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: SSID Access Control

[ Edited ]

EDIT: the question was already asked by TCappy

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 43
Registered: ‎11-22-2013

Re: SSID Access Control

This is users radius.. I think they use Windows server as the radius..

Thanks,

Regards,

Shaiful Adli bin Yaakob
Acelync Networks Sdn Bhd
Occasional Contributor II
Posts: 43
Registered: ‎11-22-2013

Re: SSID Access Control

can u give me the link..

 

thanks..

Frequent Contributor II
Posts: 149
Registered: ‎04-20-2009

Re: SSID Access Control

I used to do something similar with Microsoft IAS using the filter ID RADIUS attribute and a server rule I set up.

 

Start with the RADIUS Attribute.

When a Student authenticates have IAS Send a filter ID of "Student" in the radius accept message.

Likewise send a filter ID of "Staff" for staff authentications.

 

You will need to create a unique server group for each SSID. The severs within the server group can be the same.

Under the Server rules section of the server group configuration create a rule to block access.  Something like.....

 

aaa server-group "Staff"

  set role condition "filter-Id" equals "Student" set value denyall position 1

aaa server-group "Student"

  set role condition "filter-Id" equals "Staff" set value denyall position 1

 

Hope this will help.

 

 

Guru Elite
Posts: 21,018
Registered: ‎03-29-2007

Re: SSID Access Control


shaiful@acelync.com wrote:

can u give me the link..

 

thanks..


http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Working-DERIVATION-ROLE-for-DOMAIN-and-PERSONAL-workstation/m-p/132675/highlight/true#M9156



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 43
Registered: ‎11-22-2013

Re: SSID Access Control

I understand what you saying..does the deny all will prevent the user from becomes connected with the user ID at all? I hope the user gets something like unable to connect.

Search Airheads
Showing results for 
Search instead for 
Did you mean: