Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Configuring NPS and IAP for VLAN assignment

This thread has been viewed 16 times

  • 1.  Configuring NPS and IAP for VLAN assignment

    Posted Nov 10, 2017 04:57 PM

    I have dug around a lot on this community and have tried various things yet still running into some issues, hoping for some guidance. 

     

    We have our employee SSID which is configured for Active Directory authentication through NPS and that is working. The second SSID is for testing VLAN assignment, and once that is working will deprecate the other. 

     

    I have been trying to set up passing aruba-user-vlan from NPS server (which is configured per other Airhead articles) to clients connecting to APs. However, when running logs under the Instant GUI>Support I am finding that the client in question is getting assigned the default VLAN 1. 

     

    I have the SSID configured for dynamic VLAN assignment with the aruba-user-vlan attribute (as the VLAN). 

     

    On Cisco switches, native VLAN is set and all other VLANs I want to pass traffic as well, all ports the APs connect to are dot1q trunked. 

     

    Any other ideas? 



  • 2.  RE: Configuring NPS and IAP for VLAN assignment

    EMPLOYEE


  • 3.  RE: Configuring NPS and IAP for VLAN assignment

    Posted Nov 10, 2017 05:31 PM

    cjoseph, thank you for linking that article...I have that and like three others similar to that open, have gone through and verified my configuration. 

     

    Any other ideas?



  • 4.  RE: Configuring NPS and IAP for VLAN assignment

    EMPLOYEE
    Posted Nov 10, 2017 05:39 PM

    I would check to see what attributes you are getting back:

    config t
    logging level debugging security process authmgr
    logging level debugging security subcat aaa

     

    Authenticate and then type "show log security 50" to see what the radius server is sending.



  • 5.  RE: Configuring NPS and IAP for VLAN assignment

    Posted Nov 10, 2017 05:47 PM

    I have tried that as well. When I log into the CLI and `config t` and then try to run the logging commands, it appears those are not acceptable commands on my platform. When I do a `show version` I am getting "ArubaOS  (MODEL: 225), Version 6.5.4.2." Is there some other way to see what, if any, attributes are being passed?



  • 6.  RE: Configuring NPS and IAP for VLAN assignment

    EMPLOYEE
    Posted Nov 10, 2017 06:55 PM

    Try this:

     

    show log user-debug

     

     



  • 7.  RE: Configuring NPS and IAP for VLAN assignment

    Posted Nov 13, 2017 01:22 PM

    Hello,

    That is not showing any data....I am assuming because I am not actively debugging a client? How may I do that? Seems strange the CLI is so sparse on the virtual controller stuff...



  • 8.  RE: Configuring NPS and IAP for VLAN assignment

    EMPLOYEE
    Posted Nov 13, 2017 01:55 PM

    You should start by using NT radping, to see if you are receiving any attributes back.  When that happens, you should then test on the live IAP system.  

    https://www.novell.com/coolsolutions/tools/14377.html

    https://support.secureauth.com/hc/en-us/articles/115000594347-How-To-Test-RADIUS-Using-NTRadPing