RADIUS traffic goes between a network device (Instant AP in your case) and a RADIUS server (NPS in VLAN50).
If your APs are in the (untagged/native) VLAN 1 (192.168.20.0/24), and need to authenticate clients, no matter on which SSID/port, the RADIUS request goes from the management IP of the AP (dhcp assigned) to the RADIUS server. You would need to enter the whole subnet 192.168.20.0/24 as RADIUS client in your NPS/RADIUS-server. If you have enabled dynamic-radius-proxy on your VC, all RADIUS requests are tunneled through the VC and the VC IP address needs to be added as RADIUS client in your NPS.
Note that it's not recommended to mix wireless clients (vlan50) and wired clients/servers (NPS in vlan50) in the same VLAN; but at small scale that may work.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 14, 2024 07:44 AM
From: almaida
Subject: RADIUS server in different VLAN
Hello,
In my system I have a few AP-505, being one of them the virtual controller. The APs are on the 192.168.20.x network which has the VLAN 1. I have several network SSIDs. One of the network SSID is on VLAN 50 and the clients on this network get an IP from the range 192.168.50.x and are currently authenticating with PSK.
I want to change the authentication to RADIUS and the authentication server is a Windows NPS with IP 192.168.50.11 running on VLAN 50.
On the NPS side, I have created RADIUS client identified by an IP address (192.168.50.250 on VLAN 50) and a password, and I have created the proper policies.
On the Virtual Controller, I can't figure out how to setup the RADIUS inside the network settings in order to communicate with a server on a VLAN different from the virtual controller's VLAN. I can't figure out on the Aruba virtual controller where do I setup the IP address (192.168.50.250) that should communicate with the RADIUS server.
Thank you,