Controllerless Networks

Hi Airheads,

Does anyone know if it is possible to have a single SSID which can support role based VLAN assignment from ClearPass where:
- Role A is a local VLAN (i.e. will bridge traffic onto the local network)
- Role B is a VLAN with a corresponding Centralised DHCP scope configured

The objective is to have a single SSID which can support both bridged and L2 tunnelled access.

------------------------------
Chris Denham
------------------------------

yes i think that should work as long as the authentication is dot1x.
you can assign the VLANs to the user-role that are configured on the VC.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Aug 26, 2021 04:18 PM
From: Chris Denham
Subject: Instant AP - Single SSID with both local forwarding + IAP-VPN?

Hi Airheads,

Does anyone know if it is possible to have a single SSID which can support role based VLAN assignment from ClearPass where:
- Role A is a local VLAN (i.e. will bridge traffic onto the local network)
- Role B is a VLAN with a corresponding Centralised DHCP scope configured

The objective is to have a single SSID which can support both bridged and L2 tunnelled access.

------------------------------
Chris Denham
------------------------------

Thanks, in this case it will be MPSK :)

------------------------------
Chris Denham
------------------------------

Original Message:
Sent: Aug 26, 2021 07:01 PM
From: Ariya Parsamanesh
Subject: Instant AP - Single SSID with both local forwarding + IAP-VPN?

yes i think that should work as long as the authentication is dot1x.
you can assign the VLANs to the user-role that are configured on the VC.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Aug 26, 2021 04:18 PM
From: Chris Denham
Subject: Instant AP - Single SSID with both local forwarding + IAP-VPN?

Hi Airheads,

Does anyone know if it is possible to have a single SSID which can support role based VLAN assignment from ClearPass where:
- Role A is a local VLAN (i.e. will bridge traffic onto the local network)
- Role B is a VLAN with a corresponding Centralised DHCP scope configured

The objective is to have a single SSID which can support both bridged and L2 tunnelled access.

------------------------------
Chris Denham
------------------------------

i think that will work as you need ClearPass to send back the MPSK pass phrase, so you can add a user role to be sent as well.
i have not tested it myself but do let us know how you go.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Aug 26, 2021 07:04 PM
From: Chris Denham
Subject: Instant AP - Single SSID with both local forwarding + IAP-VPN?

Thanks, in this case it will be MPSK :)

------------------------------
Chris Denham

Original Message:
Sent: Aug 26, 2021 07:01 PM
From: Ariya Parsamanesh
Subject: Instant AP - Single SSID with both local forwarding + IAP-VPN?

yes i think that should work as long as the authentication is dot1x.
you can assign the VLANs to the user-role that are configured on the VC.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Aug 26, 2021 04:18 PM
From: Chris Denham
Subject: Instant AP - Single SSID with both local forwarding + IAP-VPN?

Hi Airheads,

Does anyone know if it is possible to have a single SSID which can support role based VLAN assignment from ClearPass where:
- Role A is a local VLAN (i.e. will bridge traffic onto the local network)
- Role B is a VLAN with a corresponding Centralised DHCP scope configured

The objective is to have a single SSID which can support both bridged and L2 tunnelled access.

------------------------------
Chris Denham
------------------------------