Could you help me configure an AAA profile in which the RADIUS server decides the client VLAN based on Active Directory membership?
Are you looking for Vendor Specific Attributes?
VENDOR Aruba 14823
ATTRIBUTE Aruba-User-Role 1 String Aruba
ATTRIBUTE Aruba-User-Vlan 2 Integer Aruba
ATTRIBUTE Aruba-Priv-Admin-User 3 Integer Aruba
ATTRIBUTE Aruba-Admin-Role 4 String Aruba
# Added in 188.8.131.52 (June 2005)
ATTRIBUTE Aruba-Essid-Name 5 String Aruba
ATTRIBUTE Aruba-Location-Id 6 String Aruba
# Added in 184.108.40.206 (July 2006)
ATTRIBUTE Aruba-Port-Identifier 7 String Aruba
What is your RADIUS server? The VLAN decision based upon AD group membership will be done by the RADIUS server. On the Aruba side, you can configure the server group to take action and assign a VLAN based upon RADIUS attributes returned. This requires you to set the return attribute on the RADIUS side. If you are using IAS/NPS you'll need to use a vendor supplied custom attribute (listed below).
On the Aruba side, for example:
aaa server-group "radius-group"
 set vlan condition "Aruba-User-Vlan" equals "x" set-value x position 1
Or (will set the VLAN to whatever the value is, rather than specifying individual VLANs)
aaa server-group "radius-group"
 set vlan condition "Aruba-User-Vlan" value-of position 1
Aruba Custom VSAs (for NPS or other RADIUS server that does not have Aruba RADIUS dictionary).
Vendor Code - 14823
Aruba-Priv-Admin-User Non-negative value will give root/enable access
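Added example, not part of the thread's posts: a small Python encoder/decoder for the Aruba VSAs listed above, useful for checking in a packet capture that the RADIUS server really returns Aruba-User-Vlan inside a Vendor-Specific attribute (RFC 2865 type 26, vendor 14823). The function names are hypothetical, and the sample VLAN 20 and role "employee" are constructed values.

```python
import struct

ARUBA_VENDOR_ID = 14823   # "VENDOR Aruba 14823" from the dictionary in the thread
VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific attribute type
# Sub-attribute number -> (name, kind), copied from the dictionary in the thread
ARUBA_VSAS = {
    1: ("Aruba-User-Role", "string"), 2: ("Aruba-User-Vlan", "integer"),
    3: ("Aruba-Priv-Admin-User", "integer"), 4: ("Aruba-Admin-Role", "string"),
    5: ("Aruba-Essid-Name", "string"), 6: ("Aruba-Location-Id", "string"),
    7: ("Aruba-Port-Identifier", "string"),
}

def encode_aruba_vsa(sub_type, value):
    """Build one Vendor-Specific attribute carrying a single Aruba sub-attribute."""
    kind = ARUBA_VSAS[sub_type][1]
    data = struct.pack("!I", value) if kind == "integer" else value.encode()
    sub = bytes([sub_type, len(data) + 2]) + data
    body = struct.pack("!I", ARUBA_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def decode_aruba_vsas(attrs):
    """Walk a RADIUS attribute list and return {name: value} for Aruba VSAs."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[i + 2:i + a_len]
        i += a_len
        # Skip everything that is not a Vendor-Specific attribute for vendor 14823
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != ARUBA_VENDOR_ID:
            continue
        j = 4
        while j + 2 <= len(value):
            s_type, s_len = value[j], value[j + 1]
            if s_len < 2 or j + s_len > len(value):
                raise ValueError("bad sub-attribute length")
            data = value[j + 2:j + s_len]
            j += s_len
            name, kind = ARUBA_VSAS.get(s_type, (f"Aruba-Unknown-{s_type}", "string"))
            if kind == "integer":
                if len(data) != 4:
                    raise ValueError(f"{name} must be a 4-byte integer")
                found[name] = struct.unpack("!I", data)[0]
            else:
                found[name] = data.decode(errors="replace")
    return found

# Constructed sample: Reply-Message "ok", then VLAN 20 and role "employee"
SAMPLE = bytes([18, 4]) + b"ok" + encode_aruba_vsa(2, 20) + encode_aruba_vsa(1, "employee")
```

The bytes produced for Aruba-User-Vlan are what a custom VSA on NPS should put on the wire: vendor code 14823, vendor-assigned attribute number 2, and a 4-byte integer value.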
Thanks very much. Suppose the scenario is like this: a single SSID and two categories of users. 1) Domain users whose computers are part of AD; they will use their domain username to connect. 2) The other category is user devices that are not part of AD; they also connect using their AD username, but are forced to a specific VLAN based on the MAC address. Is this possible to do?