Security

We will be using 802.1x authenticaitonon Aruba controller with 802.1 and authentication server being Radius NPS. We have already implemented NPS authentication on the wired LAN with slightly different rules. 

I have managed to get user machines to authenticate, however the problem I had is that user attributes like user role, vlan etc. are derived from the NPS policies and implemented for each user individually after user authenticates. I end up in a mess and we can not make any changes on the NPS policy as it is already in use in the wired LAN. 

I am struggling ot set up the Aruba controller to ignore all NPS atributes and only use it  to authenticate/reject users.

Can you pleae help? 

You can duplicate the policies in NPS (connection request policy, etc) and then restrict the new one to service-type Wireless and your controller's NAS-IP. Then you can make changes to the ruleset that won't affect wired. 


Thanks, 
Tim

Tim, thank you for your response. Is there an option just to get accept/reject from the NPS and ignore all other policies, which I will configure locally on the controller?

It is different team dealing with the NPS and is a bit harder to get things done.