I have a scenario where I integrated the SSID with authentication using RADIUS for LDAP users. The integration works fine and AD credentials work, and staff is able to authenticate and access the internet. However, when trying to access things like shared folders on Windows Server and RDP to servers, it doesn't work. I am hoping for a solution and insights. This will be appreciated.
This sounds either like a DNS problem (your SSID has DNS that performs external name resolution only, or the domain suffix list returned by DHCP does not include your internal domain), or the role assigned to the device on the SSID is blocking access to Kerberos or just to internal IPs generally.
Initially, there are a lot of questions which arise from your description.
Quick question, are the network resources they are trying to reach on the same subnet as the clients, and if so, is intra-VLAN traffic permitted on the SSID? I'm thinking there is a new knob in the firmware somewhere that isn't set properly.
Where can I check on the intra-VLAN traffic? On the SSID?
Also, the SSID is on tunnel mode. Should that be correct since we are doing 802.1X authentication?
On Central/IAP, they call it Deny Intra-VLAN and it is per-SSID, but on AOS8 I think they call it Deny Inter User Bridging / Deny Inter User Traffic and it's in the global firewall settings.
Regarding the tunnel mode question, I guess it would depend on your particular situation. For orgs that are large or fragmented and do not have good control over the layer 2 infrastructure (or the layer 2 infrastructure has an inconsistent design), tunneled mode is much easier, as you only need to know the IP of the tunnel server node for RADIUS configuration and VLANs on the tunnel server node for SSID configuration. You can then extend the layer 2 over GRE to the AP no matter the crazy underlay where the AP actually is. For orgs with good control over layer 2 and a consistent design across the campus, the decision might be a bit murkier; there are arguments either way.
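The causes suggested in the replies above (SSID DNS that only resolves external names, a DHCP suffix list without the internal domain, a user role or intra-VLAN setting blocking Kerberos or internal IPs) can be told apart from a client on the affected SSID. This is an added example, not part of the original thread; the host names are hypothetical placeholders, and a TCP connect to port 88 is used as a stand-in for Kerberos reachability.

```python
import socket

def resolve(name):
    """Addresses the client's configured resolver returns for name (empty if none)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(fqdn_resolves, short_resolves, ports):
    """Map probe results onto the causes suggested in the thread.
    ports: dict such as {"kerberos/88": bool, "smb/445": bool, "rdp/3389": bool}."""
    if not fqdn_resolves:
        return ["DNS: the SSID's DNS servers do not resolve internal names"]
    findings = []
    if not short_resolves:
        findings.append("DNS suffix: DHCP search list lacks the internal domain")
    blocked = sorted(name for name, ok in ports.items() if not ok)
    if blocked and len(blocked) == len(ports):
        findings.append("Policy: no internal port reachable (user role or deny intra-VLAN)")
    elif blocked:
        findings.append("Policy: user role blocks " + ", ".join(blocked))
    return findings or ["No DNS or port block found from this client"]

def triage(dc_fqdn, server_fqdn):
    """Run the probes; call this from a client joined to the affected SSID."""
    fqdn_ok = bool(resolve(server_fqdn))
    short_ok = bool(resolve(server_fqdn.split(".")[0]))  # relies on the suffix list
    ports = {}
    if fqdn_ok:
        ports = {"kerberos/88": tcp_open(dc_fqdn, 88),   # domain controller
                 "smb/445": tcp_open(server_fqdn, 445),   # file shares
                 "rdp/3389": tcp_open(server_fqdn, 3389)}
    return diagnose(fqdn_ok, short_ok, ports)

if __name__ == "__main__":
    # Hypothetical names: replace with a real domain controller and server.
    for line in triage("dc01.corp.example.com", "files01.corp.example.com"):
        print(line)
```

Running it once on the 802.1X SSID and once on a wired port in the same VLAN shows whether the difference is in DNS/DHCP or in the role and firewall settings applied to the SSID.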