Wireless Access

Hi there, 

We have Aruba Instant and a Windows Radius server doing the authentication for student users using a CP. I was hoping to use the SSID in the Calling Station ID parameter to give specific AD groups access to certain SSIDs. However, it doesn't seem like the radius server is receiving the SSID as part of that parameter at this time. I had a read and found some articles stating that it just a tick box or a command line to enable this option for the authentication server but I can't see if/how I can do this from our Aruba Instant Virtual Controller. 

Anybody know if this is possible or one of them things not available to us?

Thanks

Jimmy

By default Instant APs will always send the SSID in Aruba RADIUS attribute "Aruba:Aruba-Essid-Name  " so you can add Aruba VSA to your RADIUS server. and then use this radius attrib.

Hi there, 

We have Aruba Instant and a Windows Radius server doing the authentication for student users using a CP. I was hoping to use the SSID in the Calling Station ID parameter to give specific AD groups access to certain SSIDs. However, it doesn't seem like the radius server is receiving the SSID as part of that parameter at this time. I had a read and found some articles stating that it just a tick box or a command line to enable this option for the authentication server but I can't see if/how I can do this from our Aruba Instant Virtual Controller. 

Anybody know if this is possible or one of them things not available to us?

Thanks

Jimmy

The Windows NPS server cannot filter for "Aruba-Radius-Attributes" in the policy, but only for standard-radius-attributes.

Edit the authentication server profile and set the NAS-Identifier property to a specific value.

Create a filter in the network policy in the NPS using this specific value as condition.

This ensures that this policy only processes authentications for a specific SSID.

If you are using multiple SSIDs with 802.1X or MAC-Auth, create a separate authentication server profile for each SSID, set the NAS-Identifier in each profile to a different value, e.g. to the SSID name. Then you can check this value in each network policy and always have a dedicated policy for each SSID.

By default Instant APs will always send the SSID in Aruba RADIUS attribute "Aruba:Aruba-Essid-Name  " so you can add Aruba VSA to your RADIUS server. and then use this radius attrib.

Hi there, 

We have Aruba Instant and a Windows Radius server doing the authentication for student users using a CP. I was hoping to use the SSID in the Calling Station ID parameter to give specific AD groups access to certain SSIDs. However, it doesn't seem like the radius server is receiving the SSID as part of that parameter at this time. I had a read and found some articles stating that it just a tick box or a command line to enable this option for the authentication server but I can't see if/how I can do this from our Aruba Instant Virtual Controller. 

Anybody know if this is possible or one of them things not available to us?

Thanks

Jimmy

The Windows NPS server cannot filter for "Aruba-Radius-Attributes" in the policy, but only for standard-radius-attributes.

Edit the authentication server profile and set the NAS-Identifier property to a specific value.

Create a filter in the network policy in the NPS using this specific value as condition.

This ensures that this policy only processes authentications for a specific SSID.

If you are using multiple SSIDs with 802.1X or MAC-Auth, create a separate authentication server profile for each SSID, set the NAS-Identifier in each profile to a different value, e.g. to the SSID name. Then you can check this value in each network policy and always have a dedicated policy for each SSID.

By default Instant APs will always send the SSID in Aruba RADIUS attribute "Aruba:Aruba-Essid-Name  " so you can add Aruba VSA to your RADIUS server. and then use this radius attrib.

Hi there, 

We have Aruba Instant and a Windows Radius server doing the authentication for student users using a CP. I was hoping to use the SSID in the Calling Station ID parameter to give specific AD groups access to certain SSIDs. However, it doesn't seem like the radius server is receiving the SSID as part of that parameter at this time. I had a read and found some articles stating that it just a tick box or a command line to enable this option for the authentication server but I can't see if/how I can do this from our Aruba Instant Virtual Controller. 

Anybody know if this is possible or one of them things not available to us?

Thanks

Jimmy

You can always add Aruba VSA to NPS.

see this post 

The Windows NPS server cannot filter for "Aruba-Radius-Attributes" in the policy, but only for standard-radius-attributes.

Edit the authentication server profile and set the NAS-Identifier property to a specific value.

Create a filter in the network policy in the NPS using this specific value as condition.

This ensures that this policy only processes authentications for a specific SSID.

If you are using multiple SSIDs with 802.1X or MAC-Auth, create a separate authentication server profile for each SSID, set the NAS-Identifier in each profile to a different value, e.g. to the SSID name. Then you can check this value in each network policy and always have a dedicated policy for each SSID.

By default Instant APs will always send the SSID in Aruba RADIUS attribute "Aruba:Aruba-Essid-Name  " so you can add Aruba VSA to your RADIUS server. and then use this radius attrib.

Hi there, 

We have Aruba Instant and a Windows Radius server doing the authentication for student users using a CP. I was hoping to use the SSID in the Calling Station ID parameter to give specific AD groups access to certain SSIDs. However, it doesn't seem like the radius server is receiving the SSID as part of that parameter at this time. I had a read and found some articles stating that it just a tick box or a command line to enable this option for the authentication server but I can't see if/how I can do this from our Aruba Instant Virtual Controller. 

Anybody know if this is possible or one of them things not available to us?

Thanks

Jimmy