Cloud Managed Networks



How to define user BW using RADIUS Attributes (not Roles)

  • 1.  How to define user BW using RADIUS Attributes (not Roles)

    Posted Sep 06, 2019 08:47 AM

    Hi,

     

    We have developed a Solution in CLOUD for professional WiFi scenarios (External Captive portal, External RADIUS, etc...) and we are starting to integrate our solution with ARUBA equipment.  

     

    I am checking all the RADIUS attributes that the ARUBA APs support (#show radius-attributes on CLI) and I don't find any of them related to the Bandwidth Speed or with the volume.

     

    For integrations with similar systems such as Purple, the suggested way of proceeding is creating user Profiles in ARUBA CENTRAL and sending the Role via RADIUS, but this is not the most convenient way of proceeding for us as we don't want to define the profiles in ARUBA CENTRAL; just in our platform, and send them to the users via RADIUS.

     

    The volume could also be controlled with RADIUS CoA, but it would be nice if it could be passed to the user too (the accounting packet interval we use is 300s).

     

    With other vendors we use parameters such as WISPR-Bandwidth-Max-Down, WISPR-Bandwidth-Max-Up, Maximum-Data-Rate-Downstream,… Mikrotik-Rate-Limit, Mikrotik-Recv-Limit, etc. Are there no equivalent parameters for ARUBA?

     

    I attach the supported attributes in our Laboratory IAP-205H

    AP_MADRID# show radius-attributes 
     
    Radius Attributes
    -----------------------
    AP-Group
    AP-Name
    ARAP-Features
    ARAP-Security
    ARAP-Security-Data
    ARAP-Zone-Access
    Acct-Authentic
    Acct-Delay-Time
    Acct-Input-Gigawords
    Acct-Input-Octets
    Acct-Input-Packets
    Acct-Interim-Interval
    Acct-Link-Count
    Acct-Multi-Session-Id
    Acct-Output-Gigawords
    Acct-Output-Octets
    Acct-Output-Packets
    Acct-Session-Id
    Acct-Session-Time
    Acct-Status-Type
    Acct-Terminate-Cause
    Acct-Tunnel-Packets-Lost
    Add-Port-To-IP-Address
    Aruba-AP-Group
    Aruba-AP-IP-Address
    Aruba-AS-Credential-Hash
    Aruba-AS-User-Name
    Aruba-Admin-Path
    Aruba-Admin-Role
    Aruba-AirGroup-Device-Type
    Aruba-AirGroup-Shared-Group
    Aruba-AirGroup-Shared-Role
    Aruba-AirGroup-Shared-User
    Aruba-AirGroup-User-Name
    Aruba-AirGroup-Version
    Aruba-Auth-SurvMethod
    Aruba-Auth-Survivability
    Aruba-CPPM-Role
    Aruba-Calea-Server-Ip
    Aruba-Device-Type
    Aruba-Essid-Name
    Aruba-Framed-IPv6-Address
    Aruba-Location-Id
    Aruba-Mdps-Device-Iccid
    Aruba-Mdps-Device-Imei
    Aruba-Mdps-Device-Name
    Aruba-Mdps-Device-Product
    Aruba-Mdps-Device-Profile
    Aruba-Mdps-Device-Serial
    Aruba-Mdps-Device-Udid
    Aruba-Mdps-Device-Version
    Aruba-Mdps-Max-Devices
    Aruba-Mdps-Provisioning-Settings
    Aruba-Named-User-Vlan
    Aruba-Network-SSO-Token
    Aruba-No-DHCP-Fingerprint
    Aruba-Port-Bounce-Host
    Aruba-Port-Id
    Aruba-Priv-Admin-User
    Aruba-Template-User
    Aruba-User-Group
    Aruba-User-Role
    Aruba-User-Vlan
    Aruba-WorkSpace-App-Name
    Authentication-Sub-Type
    Authentication-Type
    CHAP-Challenge
    Callback-Id
    Callback-Number
    Chargeable-User-Identity
    Cisco-AVPair
    Class
    Connect-Info
    Connect-Rate
    Crypt-Password
    DB-Entry-State
    Digest-Response
    Domain-Name
    EAP-Message
    Error-Cause
    Event-Timestamp
    Exec-Program
    Exec-Program-Wait
    Expiration
    Fall-Through
    Filter-Id
    Framed-AppleTalk-Link
    Framed-AppleTalk-Network
    Framed-AppleTalk-Zone
    Framed-Compression
    Framed-IP-Address
    Framed-IP-Netmask
    Framed-IPX-Network
    Framed-IPv6-Pool
    Framed-IPv6-Prefix
    Framed-IPv6-Route
    Framed-IPv6-address
    Framed-Interface-Id
    Framed-MTU
    Framed-Protocol
    Framed-Route
    Framed-Routing
    Full-Name
    Group
    Group-Name
    Hint
    Huntgroup-Name
    Idle-Timeout
    Location-Capable
    Location-Data
    Location-Information
    Login-IP-Host
    Login-IPv6-Host
    Login-LAT-Node
    Login-LAT-Port
    Login-LAT-Service
    Login-Service
    Login-TCP-Port
    Menu
    Message-Auth
    NAS-IPv6-Address
    NAS-Port-Type
    Operator-Name
    Password
    Password-Retry
    Port-Limit
    Prefix
    Prompt
    Proxy-State
    Rad-Authenticator
    Rad-Code
    Rad-Id
    Rad-Length
    Reply-Message
    Requested-Location-Info
    Revoke-Text
    Server-Group
    Server-Name
    Service-Type
    Session-Timeout
    Simultaneous-Use
    State
    Strip-User-Name
    Suffix
    Termination-Action
    Termination-Menu
    Tunnel-Assignment-Id
    Tunnel-Client-Auth-Id
    Tunnel-Client-Endpoint
    Tunnel-Connection-Id
    Tunnel-Medium-Type
    Tunnel-Preference
    Tunnel-Private-Group-Id
    Tunnel-Server-Auth-Id
    Tunnel-Server-Endpoint
    Tunnel-Type
    User-Category
    User-Name
    User-Vlan
    Vendor-Specific
    fw_mode
    dhcp-option
    dot1x-authentication-type
    mac-address
    mac-address-and-dhcp-options
    pre-tagged-vlan-id


  • 2.  RE: How to define user BW using RADIUS Attributes (not Roles)

    EMPLOYEE
    Posted Sep 06, 2019 09:53 AM

    User roles are the core access enforcement mechanism for Aruba wired and wireless. You can add these enforcements to a user role.



  • 3.  RE: How to define user BW using RADIUS Attributes (not Roles)

    Posted Sep 09, 2019 04:00 AM

    I know.

     

    My question was: can I use RADIUS parameters to control BW and volume using RADIUS parameters instead of User Roles, so if I want to change a User Plan I do not need to edit the User Role in Aruba Central, just change the value passed by the RADIUS?



  • 4.  RE: How to define user BW using RADIUS Attributes (not Roles)

    Posted Sep 24, 2019 12:03 PM

    Hi,

     

    No suggestions about this? Any ideas?

     

    Thanks in advance



  • 5.  RE: How to define user BW using RADIUS Attributes (not Roles)

    Posted Oct 24, 2019 10:21 AM

    Hi Aruba staff,

     

    Could you please answer this question? Any ideas?

     

    There is a big lack of information about RADIUS implementations, which is crucial for integration with third party companies such as External Captive Portals.

     

    Any clue about this issue will be appreciated.



  • 6.  RE: How to define user BW using RADIUS Attributes (not Roles)
    Best Answer

    EMPLOYEE
    Posted Oct 24, 2019 10:37 AM

    To be clear, if you want to enforce the sustained bandwidth, there is no enforcement mechanism outside a role, so you would need to use a role. If you want to enforce the total bandwidth, that is outside of the Wireless LAN controller and would have to be done with the RADIUS server with a combination of interim RADIUS accounting and a CoA from the RADIUS server to disconnect the user after.
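
The volume-quota approach from the answer above (interim accounting plus a disconnect from the RADIUS server), sketched as an added example that is not part of the thread and not Aruba code. The plan table, the `QuotaTracker` class and the sample records are assumptions made for illustration; sending the actual Disconnect-Request is left to the RADIUS server's own CoA client.

```python
# Added example: volume quota from interim accounting (not Aruba or forum code).
GIGAWORD = 2 ** 32  # Acct-*-Octets are 32-bit; Acct-*-Gigawords count the wraps

def total_octets(rec):
    """Bytes in both directions for one accounting record."""
    return sum(rec.get(f"Acct-{d}-Gigawords", 0) * GIGAWORD + rec.get(f"Acct-{d}-Octets", 0)
               for d in ("Input", "Output"))

class QuotaTracker:
    def __init__(self, quotas):
        self.quotas = quotas   # hypothetical plan table: User-Name -> allowed bytes
        self.live = {}         # Acct-Session-Id -> (User-Name, bytes so far)
        self.closed = {}       # User-Name -> bytes from finished sessions

    def usage(self, user):
        live = sum(n for u, n in self.live.values() if u == user)
        return self.closed.get(user, 0) + live

    def handle(self, rec):
        """Process one Accounting-Request. Returns the Acct-Session-Id that
        should receive a Disconnect-Request, or None."""
        sid, user = rec["Acct-Session-Id"], rec["User-Name"]
        # Counters are cumulative per session: keep the highest value seen so a
        # late or duplicated interim packet cannot lower the total.
        seen = max(self.live.get(sid, (user, 0))[1], total_octets(rec))
        if rec["Acct-Status-Type"] == "Stop":
            self.live.pop(sid, None)
            self.closed[user] = self.closed.get(user, 0) + seen
            return None
        self.live[sid] = (user, seen)
        limit = self.quotas.get(user)
        return sid if limit is not None and self.usage(user) >= limit else None

# Constructed sample: one user with a 5 GiB plan, 300 s interim updates.
SAMPLE = [
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "S1", "User-Name": "alice"},
    {"Acct-Status-Type": "Interim-Update", "Acct-Session-Id": "S1", "User-Name": "alice",
     "Acct-Input-Octets": 3_000_000_000, "Acct-Output-Octets": 500_000_000},
    # Input counter has wrapped once: without Gigawords this looks like 1.3 GB.
    {"Acct-Status-Type": "Interim-Update", "Acct-Session-Id": "S1", "User-Name": "alice",
     "Acct-Input-Gigawords": 1, "Acct-Input-Octets": 100_000_000,
     "Acct-Output-Octets": 1_200_000_000},
]

def run_sample():
    tracker = QuotaTracker({"alice": 5 * 2 ** 30})
    return [tracker.handle(rec) for rec in SAMPLE]

if __name__ == "__main__":
    print(run_sample())
```

Because the decision is only made when an accounting packet arrives, a user can exceed the plan by up to one interim interval of traffic (300 s in the setup described in the first post) before the disconnect is issued.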



  • 7.  RE: How to define user BW using RADIUS Attributes (not Roles)

    Posted Oct 24, 2019 10:39 AM

    Thanks cJoseph. I don't like it, but that's exactly the answer I was looking for.