Wireless Access

Reply
Occasional Contributor II
Posts: 37
Registered: ‎05-25-2011

Two SSIDs & Two LDAP Groups

Hey Guys,

I'm currently trying to figure out the best way to configure have two different SSIDs with one being for a specific LDAP group.  We are currently not using RADIUS (that will be done in the future), and are authenticating directly to MS AD.  I currently have an SSID that anyone with an LDAP account can access, but I have another SSID that is to be used by a specific group.  At the moment, the only way I can see doing this is to copying the existing LDAP servers and filtering for the desired group.  Is there any other way to do this?  Thanks.

 

Controller 3200

OS 6.1.3.1

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Two SSIDs & Two LDAP Groups

Why not just have a single SSID and change the role based on the "memberOf" attribute?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 37
Registered: ‎05-25-2011

Re: Two SSIDs & Two LDAP Groups

Hey Cjospeh,

Currently our network design has a vlan for each SSID.  The Guest SSID/Vlan is used on both wired and wireless.

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Two SSIDs & Two LDAP Groups

Are your two different sets of users in a group or in separate containers (OUs)?  if they are in separate containers, you can have two different LDAP server definitions;  one where the base-dn is the OU of the first container and one where the second base-dn is the OU for the second container of users.

 

Will that work?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 37
Registered: ‎05-25-2011

Re: Two SSIDs & Two LDAP Groups

Hey Cjoseph,

The Guest SSID can be used by anyone with an LDAP account.  The other SSID will just be a single group, but its users will be in different OUs.  I originally thought of a creating a second LDAP definiation, but wasn't sure if there was another (better) way to do it.  I will go ahead with that method.

 

Thanks.

Search Airheads
Showing results for 
Search instead for 
Did you mean: