Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

User Roles

  • 1.  User Roles

    Posted Jul 10, 2014 03:04 AM

    I'm trying to achieve dot1x authentication where the RADIUS server returns private-group-id, which determines the role of the client. I wrote a Server-Derivation Rule for that. But the issue is how I will configure it on the AP configuration side. I created AAA profiles for each VLAN.

    I want a single SSID and a single AP group. The VAP profile of the SSID will include all the VLANs. But how can I associate all of the user roles with one SSID profile in one AP group? Is such a thing possible or necessary? Any help will be appreciated!


  • 2.  RE: User Roles
    Best Answer

    Posted Jul 10, 2014 03:31 AM

    Try to use the attribute FilterID instead.


    I think private-group-id attribute needs to be used in conjunction with a couple of others to work properly.

  • 3.  RE: User Roles

    Posted Jul 10, 2014 03:42 AM

    Right now my friend who can configure RADIUS is not available. After I created the post I monitored the traffic between the controller and RADIUS. The Radius-Access-Accept message contains the user-name credential. I changed the attribute to user-name and the magic worked! I see that private-group-id is not working properly. I will investigate how I can use it for future use :). And I will try the FilterID later.


    Is there a maximum limit for server-derivation rules in numbers?

  • 4.  RE: User Roles
    Best Answer

    Posted Jul 10, 2014 03:53 AM

    The private-group-id is used for VLAN derivation.


    I don't know if there is a limit on the number of server rules you can have, but I wouldn't want it to be too large.



  • 5.  RE: User Roles

    Posted Jul 10, 2014 04:42 AM

    Thank you for your answers. It really helped me.

  • 6.  RE: User Roles

    Posted Jul 10, 2014 04:51 AM

    You're welcome. Happy to help.



  • 7.  RE: User Roles

    Posted Jul 10, 2014 04:53 AM

    Try returning the Aruba-specific VSA aruba-user-role and you don't even need to configure the server rules.

    When the controller receives the aruba-user-role attribute it automatically puts the user into that role.