Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Role-Based Vlan Pools

Jump to Best Answer
This thread has been viewed 0 times
  • 1.  Role-Based Vlan Pools

    Posted Mar 24, 2013 02:12 PM

    Is there a way to set a server rule under an Authentication Server Group so that a user gets assigned to a VLAN Pool as opposed to just specific VLAN?



  • 2.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 02:16 PM

    There is not a way at this time.

     

    You may decide that you want to assign a group of users a different role, but just allow them to consume the same pool under the VAP.



  • 3.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 02:54 PM
    Thanks, can you elaborate on how I could achieve what I'm looking for?


  • 4.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 03:28 PM
    As Colin mention this type of setup unfortunately is not possible at the moment


  • 5.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 04:01 PM

    Okay.  I thought there might have been an alternative method to acheive what I wanted by this comment.

     

    "You may decide that you want to assign a group of users a different role, but just allow them to consume the same pool under the VAP."



  • 6.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 04:04 PM

    The question is.... What are you trying to accomplish?  What is your situation?



  • 7.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 04:09 PM

    I would like to assign students who authenticate via 802.1x to be assigned to a VLAN Pool on the same SSID as everyone else.    As opposed to just a single VLAN.



  • 8.  RE: Role-Based Vlan Pools
    Best Answer

    Posted Mar 24, 2013 04:12 PM

    Okay, so you might want to turn it around, then:

     

    Assign a pool of VLANs to the Virtual AP.  If a student authenticates via 802.1x just allow them on the radius server side or assign a role that does NOT have a VLAN assigned.  For others, you can assign them to a role that has a single VLAN tied to the role:

     

    Your Virtual AP has vlans 10,20,30.

     

    When your students authenticate, they will end up in one of those VLANs.

    Say a faculty member authenticates, you can respond with the radius server with a single VLAN that you want faculty in, or a role that has a single VLAN tied to it.

     

    Does that make sense?

     



  • 9.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 04:40 PM

    Absolutely.  I definitely follow your logic. 

     

    Until they come out with the ability to do the role based stuff then I wouldn't be able to assign staff to a pool using the same SSID.

     

    Thanks for all your input!



  • 10.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 04:42 PM

    If it will make you feel better, we have people using /22 networks with "drop broadcast and multicast" enabled on the VAP/VLAN and they have not had performance issues to speak of.  In other words, a single larger VLAN would be a supported move.



  • 11.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 05:14 PM

    That does.. There is a chance we could go 1-1 with iPads, about 900 extra devices....and I'd like to break it up as much as possible.

     

    I'd just like to be as ready as possible for a large deployment.

     

    Thanks to you and everyone else being patient with me.  I'm learning a lot from you all!

     

    Chad

     



  • 12.  RE: Role-Based Vlan Pools

    Posted Mar 24, 2013 02:44 PM
    Based on the information provided at the airheads conf this will available in the 6.3 AOS code