Wireless Access

Reply
MVP
Posts: 951
Registered: ‎04-13-2009

Sever rule to set VLAN to a named VLAN instance

Hi All,

 

We have 2 controllers running in a master - master scenario and a multitude of local controllers. Each local controller has 2 local VLANs for the different 2 user types. The local VLANs vary, some are the same, some are unique. The domain name of each user type is static across all sites.  (2 domains on per user type / group)

 

Lets say the user groups are A and B and the domais are alpha.com and beta.net.

 

To simplify thing I want to authenticate all users against a central AD server (802.1x auth) and using a server rule to read the domain-name attribute and to assign a VLAN name rather than number. 

 

So the rules would be :

 

#set vlan condition Domain-Name equals alpha.com set-value A

#set vlan condition Domain-Name equals beta.net set-value B

 

The named VLAN can then have a different ID on the local controllers.

However I'm unable to set the VLAN to be a name via this method as it only accepts the VLAN ID.

 

It is possible to do this? 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Sever rule to set VLAN to a named VLAN instance

A Vlan name cannot be used in a server derivation rule.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 951
Registered: ‎04-13-2009

Re: Sever rule to set VLAN to a named VLAN instance

Ah ok that's a shame.

 

I'll have to think of another solution!

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 13
Registered: ‎12-08-2011

Re: Sever rule to set VLAN to a named VLAN instance

Infact you can achieve this :

 

I mean to say Named-vlan is supported under SDR.

 

(Aruba3600) #show aaa derivation-rules server-group test

Server Group
------------
Name   Inservice  trim-FQDN  match-FQDN
----   ---------  ---------  ----------
surya  Yes        No

Server Rule Table
-----------------
Priority  Attribute  Operation  Operand    Action    Value  Total Hits  New Hits  Description
--------  ---------  ---------  -------    ------    -----  ----------  --------  -----------
1         User-Name  contains   surya.com  set vlan  ten    2           2

Rule Entries: 1

(Aruba3600) #show vlan mapping

Vlan Mapping Table
------------------
VLAN Name  Pool Status  Assignment Type  VLAN IDs
---------  -----------  ---------------  --------
ten        Disabled     N/A              10

(Aruba3600) #

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Sever rule to set VLAN to a named VLAN instance

Shabaresha,

 

What version of code is this supported in?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 13
Registered: ‎12-08-2011

Re: Sever rule to set VLAN to a named VLAN instance

not sure when we started supporting this. but we have this support in couple of releases back.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Sever rule to set VLAN to a named VLAN instance

Shabaresha, thank you.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 951
Registered: ‎04-13-2009

Re: Sever rule to set VLAN to a named VLAN instance

Excellent. Many thanks for letting me know.

Now I just need to see if i can configure this on a matter controller then have the named vlan have a different vlan id on local controllers. Should be ok right?
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 13
Registered: ‎12-08-2011

Re: Sever rule to set VLAN to a named VLAN instance

yes ..

New Contributor
Posts: 4
Registered: ‎09-17-2016

Re: Sever rule to set VLAN to a named VLAN instance

I come across your post while researching a similar issue. We have a single SSID, and they users authenticate using a captive portal through ldap. Two users groups are from different domains. I want to know if you were to resolve your issue using the named VLAN instances. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: