Wireless Access

last person joined: 16 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Vlan for Machine authen

This thread has been viewed 1 times

  • 1.  Vlan for Machine authen

    Posted Jun 11, 2013 06:22 AM

    I have question 

    How to return Radius Attribute vlan 7,8,9  from IAS  for machine authen connect to Domain 

    I  want to machine authen and use ip  from  vlan 789 by random , Because  client estimating 800 

    if use subnet   /22 will cause more boardcast  traffice

     

    Controller without "Enforce Machine authen"

     

     I set  IAS and controller on figure but can't obtain  ip machine authen policy

     



  • 2.  RE: Vlan for Machine authen

    Posted Jun 11, 2013 07:58 AM

    You dont have to use any machine authentication to do this.

     

    You can just make the clients to be distributed among vlan 7, 8 or 9 by using a vlan pool.

    Just go to Configuration > Network > Vlan > Vlan Pool. Here you can add the vlans you want to use:

    2013-06-11 13_52_47-Switch VLAN Configuration.png

     

    Then in your vap profile, just reference the named Vlan Pool:

    2013-06-11 13_54_43-AP Group.png

     

    This way the clients will be distributed among the vlans in the vlan pool.



  • 3.  RE: Vlan for Machine authen

    Posted Jun 11, 2013 10:42 AM

    Hi Nesvik, thank you for answer 

     

    But i use 802.1x authen ,which i can't use  "Enforce Machine Authen"  

     I need  to  Machine Authentication obtain vlan from DHCP server on windows server 2003 

    which i do return Attribute vlan  

     

    How to set server rule on server group for matching  and  machine client  obtain among vlan 

    I'm try set server rule that  

     

    Reply-MessageequalsmachineStringset vlanClient_HQ

     

    Which "Client_HQ(hash)"  is vlan pool  ,but machine client can't obtain ip 



  • 4.  RE: Vlan for Machine authen

    Posted Jun 11, 2013 11:35 AM

     

    Applying a VLAN pool through a server derivation rule is not under available to use under the AOS 5.x/6.1.x/6.2.x but it will be available under the 6.3 AOS code .

     

    You could use Nesvik option in combination with the /22 subnets , if you don't have any applications that require mutlicast to communicate then and you are concern about broadcast you can turn on the following :

     

    - In the VAP : Drop Broadcast and Multicast (Wireless)

    - On the Wired : BCMC (Broadcast-Multicast) Optimization

     

     

     

     



  • 5.  RE: Vlan for Machine authen

    Posted Jun 11, 2013 12:11 PM

    Hi vfabian, thank you for answer

     

    I can  will  download AOS 6.3 from where ?  

    i see 6.2 AOS  but i can't  see 6.3 AOS on figure

    10.png

     

     

     



  • 6.  RE: Vlan for Machine authen

    Posted Jun 11, 2013 01:06 PM

     

    There's a 6.3 Beta program available, in order to get access you should contact your local SE.

     

    I wouldn't recommend using AOS 6.3 on your production environment .

     

     



  • 7.  RE: Vlan for Machine authen

    Posted Jun 13, 2013 12:21 AM

    Oh 

    thank you very much fabian :smileyhappy: