Security

last person joined: 18 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Radius Authentication with Aruba Controller

This thread has been viewed 2 times

  • 1.  Radius Authentication with Aruba Controller

    Posted Nov 19, 2014 08:09 AM

    authentication with External Radius Server is our senerio 

    radius server return packet to controller with the assigned vlan to the user after authentication process complete 

    For specific SSID can we handle the vlan assignment by the controller after authentication process complete by the external radius 

    Kindly advice ASAP

    thanks

    Ess Lam 



  • 2.  RE: Radius Authentication with Aruba Controller

    EMPLOYEE
    Posted Nov 19, 2014 08:11 AM
    Yes, do you have the Aruba radius dictionary installed?


  • 3.  RE: Radius Authentication with Aruba Controller

    Posted Nov 19, 2014 08:23 AM

    thanks for your replay 

    no , it is not installed yet 

    how can i find it ?

    how this will help me ?

     

     

     



  • 4.  RE: Radius Authentication with Aruba Controller

    EMPLOYEE
    Posted Nov 19, 2014 09:23 AM
    What radius server are you using?


  • 5.  RE: Radius Authentication with Aruba Controller

    Posted Nov 23, 2014 04:49 AM

    juniper unified access control 

    is there is any document explaining Aruba radius dictionary ?



  • 6.  RE: Radius Authentication with Aruba Controller

    EMPLOYEE
    Posted Nov 23, 2014 05:13 AM

    You would have to search juniper's website on how to install the Aruba radius dictionary. 

     

    The attribute you should return from Juniper UAC to set the user Vlan is "Aruba-User-Vlan"           



  • 7.  RE: Radius Authentication with Aruba Controller

    Posted Nov 23, 2014 08:16 AM

    As i explained in first massage i want this senrio for specific ssid , not for all returned attribute from radius server ,how can i manage that ?

    Radius server return Vlan ID for all user while in one SSID , i want to assign the vlan id from controller 

     



  • 8.  RE: Radius Authentication with Aruba Controller
    Best Answer

    EMPLOYEE
    Posted Nov 23, 2014 08:46 AM

    - you need to load the Aruba radius VSA on the Juniper Device.

     

    Next, you will need to check on the Juniper if the "Aruba-Essid-Name" attribute matches the SSID that you want to deal with.  You will then have to return the "Aruba-User-Vlan" attribute with the VLAN that you want the user to be in.

     

    You cannot accomplish this without loading the Aruba radius VSA into your Juniper radius server.  



  • 9.  RE: Radius Authentication with Aruba Controller

    Posted Dec 01, 2014 07:36 AM
    after installing Aruba radius dictionary in juniper unified Access control there is no option to define user by SSID name i can't make policy or role to return "Aruba-User-Vlan" is there is any idea of How to Assign Vlan from controller while the radius Return Attribute with assigned vlan , i tried to use server group rule but it didn't work kindly Advice


  • 10.  RE: Radius Authentication with Aruba Controller

    EMPLOYEE
    Posted Dec 01, 2014 07:43 AM

    You should contact Juniper for the answers to those questions.  http://kb.juniper.net/InfoCenter/index?page=answers&type=search&searchid=1259419773780&question_box=aruba&cntnt=Knowledge_Base&cntnt=Technical_Documentation

     

     

     Maybe someone uses Juniper UAC and can reply here.