Cloud Managed Networks

 View Only
last person joined: yesterday 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Expand all | Collapse all

Aruba Central with Client Roles and dynamic VLAN assignment

This thread has been viewed 17 times
  • 1.  Aruba Central with Client Roles and dynamic VLAN assignment

    Posted Jan 23, 2024 02:44 AM

    This is both relating to Clearpass and Aruba Central.

    When creating a role on Central is not possible without defining a VLAN.

    But is that overwritten when using clearpass to assign a Local User Role. as I see it I need to both return the the role and a specific VLAN.



  • 2.  RE: Aruba Central with Client Roles and dynamic VLAN assignment

    Posted Feb 12, 2024 04:43 AM

    In the earlier versions of CX, similar to ArubaOS-Switches, the VLAN was defined in the role. Idea behind it (probably) is that you just need to return the role and don't need to bother about VLANs on your RADIUS/ClearPass.

    In more recent versions, you now have the option to override the role VLAN (and some other attributes) with RADIUS.

    Hope this helps to understand where this is coming from.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Aruba Central with Client Roles and dynamic VLAN assignment

    Posted Feb 12, 2024 05:00 AM

    Yes i have allready got it to work.

     

    So now I assign roles where the VLAN and reauth simer is set, and have the client-inactivity timer be the only timer to be set in the LUR, since this apparently cannot be set via RADIUS

     

     

     

    Med venlig hilsen / Best regards



    Thomas Korndal-Hansen
    Senior Systems Architect
    Network & Security, Consulting East


    Mobil: 
    +45 4214 0409
    Teams:  +45 7214 3274
    Thomas.Korndal.Hansen@atea.dk

     

    Atea A/S
    Lautrupvang 6
    2750 Ballerup
    Denmark
    Telefon / Phone:
    +45 7025 2550
    www.atea.dk


    ASF 2024

     

    Vi bygger Danmark med it
    Sammen med vores kunder og samarbejdspartnere bygger vi et digitalt Danmark, vi kan være stolte af. Vi leverer skræddersyede it-løsninger, der fremtidssikrer og skaber værdi for vores kunders forretning. Vi gør det, fordi vi tror på, at it er og bliver den væsentligste drivkraft bag Danmarks succes. Med vores mere end 1.500 medarbejdere har vi en stærk lokal tilstedeværelse med afdelinger fordelt over hele Danmark. Atea Danmark har den højeste internationale antibestikkelsescertificering; ISO 37001. Atea-koncernen er repræsenteret i hele Norden og Baltikum med over 8.000 medarbejdere, en samlet omsætning på NOK 47 milliarder i 2022 og er noteret på Oslo Børs.

    This e-mail (including any attached documents) is proprietary and confidential and may contain legally privileged information. It is intended for the named recipient(s) only.
    If you are not the intended recipient, you may not review, retain, copy or distribute this message, and we kindly ask you to notify the sender by reply e-mail immediately and delete this message from your system.