Controllerless Networks

Hi Airheads,

Has anyone successfully used RADIUS based VLAN assignment with IAP-VPN tunnelled networks with Centralised-L2?

Here is the proposed configuration:

- VLANs configured on VPNCs managed by Aruba Central with DHCP relay
- Aruba GRE configured on IAP cluster
- Centralised-L2 DHCP scopes configured for each VLAN on IAP cluster
- Roles with VLAN assignment rules configured for each Centralised-L2 scope
- Single WLAN configured to use 'dummy' VLAN by default
- ClearPass returns RADIUS attribute containing role assignment

------------------------------
Chris Denham
------------------------------

Hi Chris,

I will be following with interest your topic as I am currently trying to implement the "Zero Trust" approach using FreeRADIUS on a Raspberry Pi. I have successfully set it up to authenticate into the devices for management purposes (with local authentication for backup).

I am sorry I can't give any feedback on your enquiry, but I really hope more experienced members will come up with good advice.

Hi skywave,

from my point of view, your proposed configuration should work. I'm not sure if only role assignment will work. From my point of view, you also have to send the Aruba VLAN VSA as well. 

BR
Florian

------------------------------
-------------------------------------------------------------------------------
Florian Baaske
-------------------------------------------------------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
-------------------------------------------------------------------------------
Also visit the AirHeads Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ
-------------------------------------------------------------------------------
Feel free to visit my personal Blog
https://www.flomain.de
------------------------------

Original Message:
Sent: Mar 04, 2021 09:39 PM
From: Chris Denham
Subject: RADIUS based VLAN assignment - IAP-VPN with Centralised-L2

Hi Airheads,

Has anyone successfully used RADIUS based VLAN assignment with IAP-VPN tunnelled networks with Centralised-L2?

Here is the proposed configuration:

- VLANs configured on VPNCs managed by Aruba Central with DHCP relay
- Aruba GRE configured on IAP cluster
- Centralised-L2 DHCP scopes configured for each VLAN on IAP cluster
- Roles with VLAN assignment rules configured for each Centralised-L2 scope
- Single WLAN configured to use 'dummy' VLAN by default
- ClearPass returns RADIUS attribute containing role assignment

------------------------------
Chris Denham
------------------------------

For posterity - this worked with Role and VLAN attributes returned. Haven't tried without the VLAN attributes (the roles on the VC have VLAN assignment rules)z

------------------------------
Chris Denham
------------------------------

Original Message:
Sent: Apr 04, 2021 03:39 PM
From: Florian Baaske
Subject: RADIUS based VLAN assignment - IAP-VPN with Centralised-L2

Hi skywave,

from my point of view, your proposed configuration should work. I'm not sure if only role assignment will work. From my point of view, you also have to send the Aruba VLAN VSA as well. 

BR
Florian

------------------------------
-------------------------------------------------------------------------------
Florian Baaske
-------------------------------------------------------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
-------------------------------------------------------------------------------
Also visit the AirHeads Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ
-------------------------------------------------------------------------------
Feel free to visit my personal Blog
https://www.flomain.de

Original Message:
Sent: Mar 04, 2021 09:39 PM
From: Chris Denham
Subject: RADIUS based VLAN assignment - IAP-VPN with Centralised-L2

Hi Airheads,

Has anyone successfully used RADIUS based VLAN assignment with IAP-VPN tunnelled networks with Centralised-L2?

Here is the proposed configuration:

- VLANs configured on VPNCs managed by Aruba Central with DHCP relay
- Aruba GRE configured on IAP cluster
- Centralised-L2 DHCP scopes configured for each VLAN on IAP cluster
- Roles with VLAN assignment rules configured for each Centralised-L2 scope
- Single WLAN configured to use 'dummy' VLAN by default
- ClearPass returns RADIUS attribute containing role assignment

------------------------------
Chris Denham
------------------------------