Hi Nathan,
Below an example of an incoming radius-request from a Aruba controller. The information your looking for are the first four lines, also known as Aruba Vendor Specific Attributes (VSA). Because this are not standard IETF RADIUS attributes you have to find out how to use them.
Not sure, but maybe you can find some usefull information in the xml file in the attachment.
Radius:Aruba:Aruba-AP-Group Zaltbommel-VC
Radius:Aruba:Aruba-Device-Type iPhone
Radius:Aruba:Aruba-Essid-Name HomeLAB-Corp
Radius:Aruba:Aruba-Location-Id Zaltbommel-AP01
Radius:IETF:Called-Station-Id f05c19xxxxxx
Radius:IETF:Calling-Station-Id aad562xxxxx
Radius:IETF:Framed-MTU 1100
Radius:IETF:NAS-Identifier test
Radius:IETF:NAS-IP-Address 172.16.200.240
Radius:IETF:NAS-Port 0
Radius:IETF:NAS-Port-Type 19
Radius:IETF:Service-Type 2
Radius:IETF:User-Name marcelkoedijk
------------------------------
Marcel Koedijk | MVP Guru 2021 | ACMP | ACCP | ACDA | Ekahau ECSE | Not an HPE Employee | Opionions are my own
------------------------------
Original Message:
Sent: Apr 06, 2021 07:22 PM
From: Nathan Kuhl
Subject: RADIUS data
We currently use FortiNAC as our RADIUS server and it works great in conjunction with Aruba OS. However, I'd like to start creating some more advanced role-based access polices based on the AP group, or AP name, that a client has just authenticated to. My question is, when a client authenticates, what data is sent back to the RADIUS server to utilize for role-based access? Right now, all I'm trying to do is get the AP group or AP name of the access point that the client is currently connected to.
Thanks.
------------------------------
Nathan Kuhl
------------------------------