Wireless Access

last person joined: 7 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Vlan pooling and clients with static addresses

  • 1.  Vlan pooling and clients with static addresses

    Posted Jun 12, 2012 04:39 AM

    Hi,

     

    I was just wondering about using using two different vlans on a VAP but clients connecting with a static ip?

     

    There are a number of printers that should have a static ip, but then with the vlan pool, they may end up in the wrong vlan.  Is there a way to put these particular clients into the correct vlan according to the static ip they have been configured with?

     

    I'm assuming this will be a user derivation rule that gets applied to the aaa profile and will be something like....

     

    aaa derivation-rules user "test-rule" set vlan condition macaddr starts-with "00:19:70" set-value x

     Are there any other caveats I should be aware of.

     

    Regards



  • 2.  RE: Vlan pooling and clients with static addresses

    Posted Jun 12, 2012 07:58 AM

    That is the way you should do it.

     



  • 3.  RE: Vlan pooling and clients with static addresses

    Posted Jun 12, 2012 11:39 AM

    Thanks Colin.  I've since found out that these static addresses are in the order of ~180.  I don't think that vlan pooling will work here.

     

    Can I take this vlan out from the pool but still place the clients into this vlan?  Or is it better to just create another ssid?

     

    Thanks

     

     



  • 4.  RE: Vlan pooling and clients with static addresses

    Posted Jun 12, 2012 01:39 PM

    Separate SSID.

     



  • 5.  RE: Vlan pooling and clients with static addresses

    Posted Oct 18, 2012 03:55 AM

    I tried this

     

    aaa derivation-rules user "test-rule" set vlan condition macaddr starts-with "00:19:70" set-value x

     

    and it seems to cause the printers to not connect.  They are using dot1x.  The cryptic messages in the logs seem to indicate that the client can't be placed into a vlan before they authenticate.  Is that correct?

     

    I'm now thinking I'll need to get the radius server to return an attribute and then define a server rule to place the client into the particular vlan.



  • 6.  RE: Vlan pooling and clients with static addresses

    Posted Jan 07, 2013 04:40 PM

    Did you ever resolve this?



  • 7.  RE: Vlan pooling and clients with static addresses

    Posted Jan 08, 2013 03:06 AM

    I raised a TAC case and they confirmed that vlan derivation rules don't work with dot1x.  Tried a different cert so that the radius server returns an attribute, but couldn't get it to work for reasons unknown.

     

    It was to do with the device not taking the new certificate and not the Aruba though.

     

     



  • 8.  RE: Vlan pooling and clients with static addresses

    Posted Jan 08, 2013 07:56 AM

    thanks for the reply.



  • 9.  RE: Vlan pooling and clients with static addresses

    Posted Jan 08, 2013 12:24 AM

    If you had a type attribute returned like "Printer" you could them give it that role in the controller and also place in a specific VLAN.