Hi All,
I would like to pick your brain on the following topic.
Setup MM-MD.
MM Single VM
MD 2x 7205 in L2 cluster
All on 8.7.0.0 code.
CPPM single VM on 6.9.1. (Entry Licence)
We are in the middle of deploying a network for an educational institution and the requirement is to have 2 SSIDs: one for "Trusted internal" devices and the other for "Guest and student BYOD devices".
The first SSID is mac-auth and is working 100%. Devices, depending on endpoint descriptions, are dropped to different VLANs.
The second SSID, "Guest", is using CPPM CaptivePortal with MAC caching. We aim to design it as follows:
User connects, gets IP in VLAN 666, captive portal redirect occurs and user is prompted for their Guest Credentials. From here we want to have two scenarios:
1) If your "Guest role ID" = 2 ([Guest]), you are kept in VLAN 666 and have internet access only.
2) If your "Guest role ID" = 3001 "StudentWiFi", you are dropped to VLAN 340, which has access to the internal network and AirGroup Servers and also has Deep Packet Inspection performed by our firewalls.
While option 1 is working 100%, option two will not work automatically, as the CoA "Aruba Wireless - Bounce Switch port" is passed on to the Aruba Controller, but the user does not drop. As a result, the user keeps the IP of VLAN 666.
If I take the device, connect to a different SSID and connect back to Guest, MAC caching kicks in and the user is dropped to the correct VLAN 340. The same happens if I issue CoA manually in CPPM, disable and enable WiFi, and the user connects to Guest on VLAN 340.
Is what we are trying to do achievable with a CPPM and MM-MD setup?
Any help and thoughts on this are greatly appreciated.
Thanks, Martin