Wireless Access

Reply
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Vlan pooling and clients with static addresses

Hi,

 

I was just wondering about using using two different vlans on a VAP but clients connecting with a static ip?

 

There are a number of printers that should have a static ip, but then with the vlan pool, they may end up in the wrong vlan.  Is there a way to put these particular clients into the correct vlan according to the static ip they have been configured with?

 

I'm assuming this will be a user derivation rule that gets applied to the aaa profile and will be something like....

 

aaa derivation-rules user "test-rule" set vlan condition macaddr starts-with "00:19:70" set-value x

 Are there any other caveats I should be aware of.

 

Regards


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Vlan pooling and clients with static addresses

That is the way you should do it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Vlan pooling and clients with static addresses

Thanks Colin.  I've since found out that these static addresses are in the order of ~180.  I don't think that vlan pooling will work here.

 

Can I take this vlan out from the pool but still place the clients into this vlan?  Or is it better to just create another ssid?

 

Thanks

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Vlan pooling and clients with static addresses

Separate SSID.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Vlan pooling and clients with static addresses

I tried this

 

aaa derivation-rules user "test-rule" set vlan condition macaddr starts-with "00:19:70" set-value x

 

and it seems to cause the printers to not connect.  They are using dot1x.  The cryptic messages in the logs seem to indicate that the client can't be placed into a vlan before they authenticate.  Is that correct?

 

I'm now thinking I'll need to get the radius server to return an attribute and then define a server rule to place the client into the particular vlan.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
New Contributor
Posts: 2
Registered: ‎03-21-2012

Re: Vlan pooling and clients with static addresses

Did you ever resolve this?

Chief Airhead
Posts: 1,111
Registered: ‎07-13-2010

Re: Vlan pooling and clients with static addresses

If you had a type attribute returned like "Printer" you could them give it that role in the controller and also place in a specific VLAN. 

Sean Rynearson | Chief Airhead
Aruba, a Hewlett Packard Enterprise Company
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Vlan pooling and clients with static addresses

I raised a TAC case and they confirmed that vlan derivation rules don't work with dot1x.  Tried a different cert so that the radius server returns an attribute, but couldn't get it to work for reasons unknown.

 

It was to do with the device not taking the new certificate and not the Aruba though.

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
New Contributor
Posts: 2
Registered: ‎03-21-2012

Re: Vlan pooling and clients with static addresses

thanks for the reply.

Search Airheads
Showing results for 
Search instead for 
Did you mean: