Hi skywave,
from my point of view, your proposed configuration should work. I'm not sure if only role assignment will work. From my point of view, you also have to send the Aruba VLAN VSA as well.
BR
Florian
------------------------------
-------------------------------------------------------------------------------
Florian Baaske
-------------------------------------------------------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
-------------------------------------------------------------------------------
Also visit the AirHeads Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ-------------------------------------------------------------------------------
Feel free to visit my personal Blog
https://www.flomain.de------------------------------
Original Message:
Sent: Mar 04, 2021 09:39 PM
From: Chris Denham
Subject: RADIUS based VLAN assignment - IAP-VPN with Centralised-L2
Hi Airheads,
Has anyone successfully used RADIUS based VLAN assignment with IAP-VPN tunnelled networks with Centralised-L2?
Here is the proposed configuration:
- VLANs configured on VPNCs managed by Aruba Central with DHCP relay
- Aruba GRE configured on IAP cluster
- Centralised-L2 DHCP scopes configured for each VLAN on IAP cluster
- Roles with VLAN assignment rules configured for each Centralised-L2 scope
- Single WLAN configured to use 'dummy' VLAN by default
- ClearPass returns RADIUS attribute containing role assignment
------------------------------
Chris Denham
------------------------------