Security

Reply
Frequent Contributor I

Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

Hi all,

I tried using a 'VLAN enforcement' template under Enforcement Profile.

But this is IETF based, and looks like this,

 

Type                        Name                                    Value
Radius:IETF            Session-Timeout                  10800
Radius:IETF            Termination-Action               RADIUS-Request (1)
Radius:IETF            Tunnel-Type                         VLAN (13)
Radius:IETF            Tunnel-Medium-Type           IEEE-802 (6)
Radius:IETF            Tunnel-Private-Group-Id      Enter VLAN --> I have purely entered the vlan id here

 

But I can't get it to work with an IAP/CPPM deployment.

 

The Radius type of 'Radius:Aruba', Attribute: 'Aruba-User-Vlan' works fine.

 

But id rather implement IETF type.... I'm going on the template offered by CPPM.. Should I be choosing other attributes ?

Guru Elite

Re: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

The Aruba-User-Vlan option is recommended with Aruba equipment.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

Implying it will not literally work, period, with IETF Radius attributes ?

Guru Elite

Re: Aruba IAP RADIUS backhauled to CPPM; VLAN enforcement

It should, but the Aruba VSA is one attribute vs 4+ for the IETF one. 

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: