Wireless Access

Contributor II
Posts: 43
Registered: ‎03-31-2014

User Roles

I'm trying to achieve dot1x authentication where the radius server returns private-group-id, which determines the role of the client. I wrote a Server-Derivation Rule for that. But the issue is, how do I configure it on the ap configuration side? I created aaa profiles for each vlan.

I want a single ssid and a single ap group. The vap profile of the ssid will include all the vlans. But how can I associate all of the user roles with one ssid profile in one ap group? Is such a thing possible or necessary? Any help will be appreciated!

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: User Roles

Try to use the attribute FilterID instead.

I think private-group-id attribute needs to be used in conjunction with a couple of others to work properly.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: User Roles

Right now my friend who can configure radius is not available. After I created the post I monitored the traffic between controller and radius. The Radius-Access-Accept message contains user-name credential. I changed the attribute to user-name and the magic worked! I see that private-group-id is not working properly. I will investigate how I can use it for future use :). And I will try the FilterID later.

Is there maximum limit for server-derivation rules in numbers?

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: User Roles

The private-group-id is used for vlan derivation.

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Network_Parameters/About_VLAN_Assignments.htm#network_parameters_2319977163_1017188

I don't know if there is a limit on the number of server rules you can have, but wouldn't want it to be too large.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: User Roles

Thank you for your answers. It really helped me.

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: User Roles

You're welcome.  Happy to help.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 762
Registered: ‎03-25-2009

Re: User Roles

Try returning the Aruba specific VSA aruba-user-role and you don't even need to configure the server rules.

When the controller receives the aruba-user-role attribute it automatically puts the user into that role.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
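
An added example, not part of any post in this thread and not Aruba code: a small parser that lists which of the attributes discussed above (User-Name, Filter-Id, Tunnel-Private-Group-ID, the Aruba-User-Role VSA) an Access-Accept actually carries, which is the check the original poster did by watching the traffic. It assumes that the "couple of others" mentioned earlier are the RFC 3580 pair Tunnel-Type=VLAN (13) and Tunnel-Medium-Type=IEEE-802 (6); the sample packet, user name, role name and VLAN are constructed.

```python
import struct

ARUBA_VENDOR_ID = 14823  # Aruba's IANA enterprise number; Aruba-User-Role is vendor type 1
NAMES = {1: "User-Name", 11: "Filter-Id", 64: "Tunnel-Type",
         65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}

def parse_access_accept(packet: bytes) -> dict:
    """Extract the attributes a controller could derive a role or VLAN from."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if atype == 26 and len(value) >= 6:  # Vendor-Specific
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == ARUBA_VENDOR_ID and vtype == 1:
                found["Aruba-User-Role"] = value[6:4 + vlen].decode()
        elif atype in (64, 65) and len(value) == 4:  # tag byte + 3-byte integer
            found[NAMES[atype]] = int.from_bytes(value[1:], "big")
        elif atype == 81:  # optional tag byte (<= 0x1F) before the string
            found[NAMES[atype]] = (value[1:] if value[:1] <= b"\x1f" else value).decode()
        elif atype in NAMES:
            found[NAMES[atype]] = value.decode()
    return found

def vlan_from_tunnel_attrs(attrs: dict):
    """RFC 3580 VLAN assignment: Tunnel-Type=VLAN(13), Tunnel-Medium-Type=IEEE-802(6)."""
    if attrs.get("Tunnel-Type") == 13 and attrs.get("Tunnel-Medium-Type") == 6:
        return attrs.get("Tunnel-Private-Group-ID")
    return None

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def build_sample(include_tunnel_pair: bool = True) -> bytes:
    """Constructed Access-Accept (zeroed authenticator, made-up values)."""
    role = b"employee"
    body = attr(1, b"alice") + attr(11, b"employee") + attr(81, b"\x0120")
    body += attr(26, struct.pack("!IBB", ARUBA_VENDOR_ID, 1, len(role) + 2) + role)
    if include_tunnel_pair:
        body += attr(64, b"\x01\x00\x00\x0d") + attr(65, b"\x01\x00\x00\x06")
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    for pair in (True, False):
        attrs = parse_access_accept(build_sample(pair))
        print(attrs, "-> VLAN", vlan_from_tunnel_attrs(attrs))
```

Fed the attribute bytes from a real capture, the same parser shows at a glance which attribute a server-derivation rule could match on.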