Wireless Access

 View Only
last person joined: 19 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

One SSID, Multiple Groups and Multiple VLANs

This thread has been viewed 10 times

  • 1.  One SSID, Multiple Groups and Multiple VLANs

    Posted Mar 25, 2015 01:28 PM

    Is it possible to implement the following scenario using Aruba Controller and Microsoft NPS.

    I would like to use one SSID and put users to a different vlan using their AD Group membership. I know this is working I have tested it, but what if we have multiple buildings and they are using different VLAN IDs?

     

    For example

    Building 1

    AD Group Sales --> VLAN ID 10

    AD Group Engineer --> VLAN ID 11

    AD Group Marketing --> VLAN 12

     

    Building 2

    AD Group Sales --> VLAN ID 20

    AD Group Engineer --> VLAN ID 21

    AD Group Marketing --> VLAN 22

     

    and so on.

     

    What is the best way to separate buildings in this configuration? Is it possible to use for example AP Group as NAS Identifier or something similar? Then I could create specific rule in NPS.

     

    Is this possible?

     



  • 2.  RE: One SSID, Multiple Groups and Multiple VLANs

    Posted Mar 25, 2015 04:21 PM

    I figured this out. Just duplicate the radius server settings and create a new server group for every building. Define different NAS ID for every building. After that it is just creating NPS network policies.

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Two-SSID-s-using-802-1x-authentication-with-same-Radius-server/td-p/39038

     

    Any other options to implement this?



  • 3.  RE: One SSID, Multiple Groups and Multiple VLANs

    EMPLOYEE
    Posted Mar 25, 2015 06:53 PM

    Without ClearPass, that is your option.