> also note that you can use "
Aruba-User-Vlan" attribute as well.
We wanted to do that with AOS10 tunneled WLAN, but the gateway logs the following when the Aruba-User-Vlan VSA is included in the Access-Accept:
Jan 24 11:35:18 2023 :121003: <3966> <ERRS> |radproxy| |aaa| Discarding unknown response from server
without it the connection works.
We are now testing the Aruba-User-Role VSA for tunneled AOS10.
Do you know if there is a list of supported VSA for tunneled AOS10? I couldn't find one in the documentation.
------------------------------
Thanks,
Bjarne
------------------------------
Original Message:
Sent: Jan 23, 2023 05:11 PM
From: ariyap
Subject: central dynamic vlan assignment based on client role
if you got your RADIUS working then, you can send Aruba VSA attribute "Aruba-User-Role" which would match the user-role that you have configured for the IAPs and that user-role has a VLAN assignment.
also note that you can use "Aruba-User-Vlan" attribute as well.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 23, 2023 05:02 AM
From: lbrune
Subject: central dynamic vlan assignment based on client role
Hi,
I use Microsoft Azure (on Cloud) as Radius Server, the authentication is working properly.
Now I am working on vlan assignment
Original Message:
Sent: Jan 19, 2023 05:32 PM
From: Ariya Parsamanesh
Subject: central dynamic vlan assignment based on client role
is the WLAN for dot1x auth or PSK?
if its for dot1x auth, then you need a RADIUS server and that radius server can send Aruba VSA called aruba-user-role which should match the user-role that you can configure for the APs. Then that user-role can have VLAN assignment, ACLs, bandwidth contracts, etc.
this is for your reference
https://www.arubanetworks.com/techdocs/central/latest/content/aos10x/cfg/cfg-vlan-bridge.htm
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 19, 2023 12:55 PM
From: lbrune
Subject: central dynamic vlan assignment based on client role
Hi all,
I am configuring a wlan with enterprise authentication with dynamic vlan assignment based on client role and the the role is assigned by the Domain User Group.
In wlan > VLANs
I use Traffic forwarding mode = Bridge
In wlans > Access
I use Access rules = Roles Based with Rule Type = VLAN Assignment

Please
What should I use
In wlan > VLANs
as Client VLAN Assignment ??
Should I use Dynamic? and what Attribute ?
Thank you