Wireless Access

Contributor II

User derived rule for specific vlan

We are vlan pooling about 10 subnets to a local controller and would like a couple of specific mac addresses to always be assigned to the same vlan. From the user guide, the following syntax should assign mac address 11:22:33:44:55:66 to vlan 99? Also, since we have a master with multiple local controllers, does that command get entered on the local controller?

 

aaa derivation-rules user test-mac-vlan
  set vlan condition macaddr equals "11:22:33:44:55:66" set-value 99

 

Bob

Re: User derived rule for specific vlan

Why do you need this?

If you are using user derived roles, depending on which group of AD it is, you can give them different permissions no matter what vlan or what ip address he gets.

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Contributor II

Re: User derived rule for specific vlan

We have some Apple iPads that need to be on the same subnet, but with vlan pooling they are getting assigned to different subnets. If I created a user derived rule for each mac address, then I could get all the iPads on the same subnet. I realized that this isn't a scalable solution, but it might be a quick fix for the testing phase of the iPads.

 

Bob

Re: User derived rule for specific vlan

You could use DHCP Fingerprint

Or if you are using EAP PEAP then it doesn't matter if it is an iPad or whatever.... if they put their user and password they will get the same permission no matter what device they use...

I don't know if you are looking for that. Or do you just want to restrict the access to iPads no matter if it's an internal user, like if they are bringing iPads from home?

Can you please explain your situation better to see if I can find you a better solution?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Re: User derived rule for specific vlan

Here is some info on DHCP Fingerprint

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/COTD-DHCP-Fingerprinting-how-to-ArubaOS-6-0-1-0-and-above/td-p/11164

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Contributor II

Re: User derived rule for specific vlan

I do not want or need all iPads to be in the same vlan. I'm looking for a simple short term solution to get 10 iPads to be on the same vlan, and a user derived rule seems to be the easiest way to do that.

 

 

 

Guru Elite

Re: User derived rule for specific vlan

You cannot do that, because user derivation rules are overwritten by every other authentication method, unfortunately...  Do these iPads need to be on the same VLAN for airplay or.....?



Colin Joseph
Aruba Customer Engineering


Contributor II

Re: User derived rule for specific vlan

We do not have any other authentication method, so that is why I thought it would work. Within our DHCP server we use a mac based authentication, but no authentication on the wireless controllers.

They didn't use the word Airplay, but said Bonjour and reflector, so the teacher could have a display on her iPad and the students could sync with that iPad. I think that is similar to Airplay. I was reading the AirGroup Aruba solution guide, but I didn't think any of that was supported in our current version, 6.1.3.2. Plus we do not have ClearPass deployed.

 

Bob 

Re: User derived rule for specific vlan

Though other words were used, it certainly is Airplay. You don't need ClearPass for it, just an ArubaOS tech release which supports it.

Contributor II

Re: User derived rule for specific vlan

As far as I can tell our current release, 6.1.3.2, doesn't support Airplay and we will not be upgrading code for a while. Do you know what ArubaOS releases support Airplay?

 

 
