Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Radius assigned IP address ignored

  • 1.  Radius assigned IP address ignored

    Posted Feb 17, 2014 05:40 AM

    I am trying to get my clients to use IP addresses assigned in my external Radius server. The IP address is getting returned by the AAA server, but the IP is ignored, and a DHCP address is given to the client (or none if no DHCP on the subnet).

    Am I missing something basic here? I certainly assume this is possible.

    I can get the client assigned to the correct VLAN etc. using server rules, but as I say, the AAA-defined IP for the client is ignored. Is it something to do with the RFC 3576 option?

     

    Regards

    Andrew



  • 2.  RE: Radius assigned IP address ignored

    EMPLOYEE
    Posted Feb 17, 2014 05:47 AM

    What method are you using?



  • 3.  RE: Radius assigned IP address ignored

    Posted Feb 17, 2014 05:56 AM

    Not sure I follow what you mean by what method, on the AAA server end?



  • 4.  RE: Radius assigned IP address ignored

    EMPLOYEE
    Posted Feb 17, 2014 06:00 AM

    How are you configuring things to return an IP address to the client? Radius server assigned IP addresses normally only work with PPP or PPPoE connections, not 802.1X.



  • 5.  RE: Radius assigned IP address ignored

    Posted Feb 17, 2014 06:08 AM

    Good point, sorry I have the wrong hat on today...



  • 6.  RE: Radius assigned IP address ignored
    Best Answer

    EMPLOYEE
    Posted Feb 17, 2014 06:34 AM

    You can send back an Aruba-Named-User-VLAN VSA to the controller to achieve the same thing: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Network_Parameters/About_VLAN_Assignments.htm

     

    You need to:

     

    Define a named VLAN or pool on your master controller

    Map that name to a VLAN or range of VLANs on the local controller

    Return an Aruba-Named-User-VLAN VSA matching that VLAN pool/name to the controller via the RADIUS server

     This is supported in ArubaOS 6.3 and above.  To see if your version of ArubaOS can handle that attribute, run the following command:

     

    (192.168.1.3) #show aaa radius-attributes | include Aruba-Named-User-Vlan
    Aruba-Named-User-Vlan             9      String       Aruba      14823
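
Added example, not part of the original thread: a Python sketch that builds the Aruba-Named-User-Vlan VSA as a standard RADIUS Vendor-Specific attribute (RFC 2865, type 26) and finds it in the attribute list of an Access-Accept, which helps confirm from a capture that the server really returns it. The vendor ID 14823 and attribute ID 9 come from the command output above; the pool name `staff-pool` and the sample bytes are constructed.

```python
import struct

ARUBA_VENDOR_ID = 14823   # vendor id shown in the command output above
NAMED_USER_VLAN = 9       # Aruba-Named-User-Vlan, type String
VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute (RFC 2865)


def encode_named_vlan(name: str) -> bytes:
    """Build the Vendor-Specific attribute carrying Aruba-Named-User-Vlan."""
    value = name.encode("utf-8")
    sub = struct.pack("!BB", NAMED_USER_VLAN, 2 + len(value)) + value
    body = struct.pack("!I", ARUBA_VENDOR_ID) + sub
    if 2 + len(body) > 255:
        raise ValueError("VLAN name too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def find_named_vlan(attrs: bytes):
    """Walk a RADIUS attribute list; return the named VLAN or None."""
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        data = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(data) < 4:
            continue
        if struct.unpack("!I", data[:4])[0] != ARUBA_VENDOR_ID:
            continue  # VSA from another vendor
        sub, spos = data[4:], 0
        while spos + 2 <= len(sub):
            stype, slen = sub[spos], sub[spos + 1]
            if slen < 2 or spos + slen > len(sub):
                raise ValueError("malformed Aruba sub-attribute")
            if stype == NAMED_USER_VLAN:
                return sub[spos + 2:spos + slen].decode("utf-8")
            spos += slen
    return None


# Constructed sample: Reply-Message "ok" followed by the VSA for the
# hypothetical pool name "staff-pool".
SAMPLE = bytes([18, 4]) + b"ok" + encode_named_vlan("staff-pool")

if __name__ == "__main__":
    print(find_named_vlan(SAMPLE))
```

If `find_named_vlan` returns `None` for the attributes of a captured Access-Accept, the RADIUS server is not sending the VSA, so the controller has no named VLAN to apply.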