Controllerless Networks


Instant (IAP) downloadable user role (DUR) with vlan argument not downloaded

  • 1.  Instant (IAP) downloadable user role (DUR) with vlan argument not downloaded

    Posted Jul 08, 2020 12:33 PM

    Hello!

     

    I tried to apply the user VLAN in combination with the user role as DUR from ClearPass to IAP.

     

    For this I used the type Radius:Aruba with Aruba-CPPM-Role and the value:

        wlan access-rule vl20_allow-all
        vlan 20
        rule any any match any any any permit

     

    This can be configured on the Instant CLI and GUI.
    But if I deploy this as DUR, the VC won't download the role.

     

    I successfully pushed the role without the VLAN.
    To apply the VLAN, I used a second enforcement profile with the Aruba-User-Vlan attribute.

     

    I found similarly described behavior for AOS here.

     

    Is this expected on AOS and IAP?
    Is it by design that VLANs cannot be pushed with the DUR?

     

    Thank you!

     



  • 2.  RE: Instant (IAP) downloadable user role (DUR) with vlan argument not downloaded
    Best Answer

    EMPLOYEE
    Posted Jul 27, 2020 05:14 AM

    For:

    • IAP/controller DUR: Send separate User-role contents and the VLAN in a separate attribute (Filter-ID/Aruba-User-VLAN/Aruba-User-VLAN-Name). BTW, role-based VLANs are deprecated/non-supported on controllers/IAP, which may be why.
    • ArubaOS Switch DUR: Send VLAN as part of the User-Role. If you send multiple RADIUS attributes, everything will be rejected by the switch.


  • 3.  RE: Instant (IAP) downloadable user role (DUR) with vlan argument not downloaded

    Posted Jul 27, 2020 05:25 AM

    Hello Herman!

     

    Thank you, sounds plausible.