Wireless Access

If you have multiple servers in a Server Group, I know that you can select which specific Auth server is used to process the authentication based on the Auth String of the user log in.  This is usually referred to as Dynamic Server Selection.

 

However, a customer of mine needs to be able to select the server based on the AP Group (often referred to as the "location") the client connection is made through.

 

Is this possible ?

 

If so, how ?

Here is the structure of an Ap-Group

 

AP-Group

   Virtual AP

       SSID Profile

        AAA Profile

           Server Group

 

You would basically clone the Virtual AP that is currently serving his clients.  On the Cloned Virtual AP, you would have a Different AAA profile that has a different server group.  That server group would have the new radius server.  In the ap-groups that you want Server A to be used, you would insert the first Virtual AP.  In the ap-groups that you would want server B to be used, you would use the cloned, or second Virtual AP...

 

Please let us know if you need that to be explained further...

 

 

 

Hi, thanks for the reply.

However, that is a static configuration, not dynamic selection.

What they want to achieve is a server group that selects the auth server based on AP location/AP group membership rather than different Server Groups referenced by having multiple AAA profiles. That advantage of this approach that one AAA profile can be used for many VAP's. Your method increases the configuration entities considerably.

If you have a look at the Authentication chapters of the Aruba Mobility Bootcamp, it demonstrates dynamic server selection based on Auth String. We basically want something like that but using the AP Location instead of Auth String as the selection criteria.

So.

Any other suggestions ?