We have a guest SSID broadcasted on Campus AP and Remote AP and we want to apply different policy to clients
connected to RAP. Is there any way to distinguish between client connected to CAP and client connected to RAP?
We are using RADIUS server for authentication.
Are the RAP and CAP are in different AP-group ?
If yes, you can use the same SSID profile with different AAA profile, you can map the respective roles to the users connecting CAP and RAP.
Yes, the CAP and RAP are in different AP groups.
The users that connect either to RAP or CAP are getting the same server derived role because they are authenticated
by the same network policy on the radius server. So by specifying different AAA profie with different default role does not help
because the default role will not be assigned if the server derived role is present.
If i move the RAP to a different controller then based on the NAS ID i can specify different value to the radius attribute on the
network policy and then the server derived role will be different. I tested this by moving the CAP to another controller and it works.
Is it possible to move the RAP from the master to a local controller?
Sure Remote APs (RAPs) can terminate on any reachable controller. You can set the LMS-IP address in the AP system profile within the AP-Group to the desired controller that you are trying to have the remote AP terminate upon.
LMS-IP field == controller to terminate upon (aka. users will 'pop up' on)
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.