Hi,
Can I have a server-derived VLAN (server rule) for a specific group of users in an SSID which is configured with the VLAN setting as a pool of VLANs? We use NPS for .1x authentication. If yes, could you help us with the configuration both in the controller as well as RADIUS?
Thanks
New in ArubaOS 6.3, you can assign a VLAN pool to a server derivation rule. From the 6.3 release notes:
VLAN Derivation from Named VLAN Pools
Named VLANs can be configured under user rule, server derivation, user derivation, and VSA in this release. Previously, only single VLAN ID names supported the above.
You cannot modify a VLAN name so choose the name carefully.
Named VLANs (single VLAN IDs or VLAN pools) can only be assigned to tunnel mode VAP’s and wired profiles. They can also be assigned to user roles, user rule derivation, server derivation, and VSA for tunnel and bridge mode.
There are two parts to this:
1- Configuring NPS to send back an attribute based on a user group: http://community.arubanetworks.com/t5/Campus-WLAN-and-High-Density-Wi/Assigning-users-different-vlan-subnet-based-on-AD-group/td-p/59210
2- Writing a server derivation rule to put users in a named VLAN pool based on that attribute.
Thank you Joseph for the reply. I would like to stress that I don't need a VLAN pool in the server-derived rule; just one VLAN is sufficient. But the SSID is already set for a VLAN pool (VLAN setting under SSID properties). Now could you advise?
Then you need the first link that describes how to send back the attribute. You then write a server derived rule to change the VLAN or role based on that returned attribute from NPS.
Will this setup work if the SSID VLAN setting is already configured for a VLAN pool?
Thanks
Override happens only if computer + user authentication succeeds? Anything like that?