Security

Hi my users authenticate thru radius today it is NPS with certain policy set.

I have two sites i want to have one ssid over these two sites but i want my users to end up in different vlans.

So i did a setup in radius configuration i found in aruba there where rules.

first i tred with if they belong and get a filtered id and that worked.

But then i found the attribute ap-name, since all my AP on my two locations is named differently i tought this i can use.

So i set up one rule where it says if AP-NAME starts-with xx-yy then set vlan x and then i had another rule that says if ap-name start-with hh-kk then set vlan hh, but this does not seem to work all my users ends up in the vlan that is configured last in my vlan configuration in the aruba profile.

So my long question, what is this ap-name is it some type of radius attribute or what ?

regards

peter

If your talking vlan switching I would highly recommend not :)  Vlan switching works fine when it works, but when it does not things simply break.

How many different Vlans are you trying to move users to?  Can you be more specific on what you are trying to achieve?

Are you just saying that at site A you want vlan say 100, and at site B vlan 200?  For the same vap profile?

This is easy, just used named vlan pools.  On the master, create the vlan pool name.  On the locals, add the vlan ids, and under the vlan pool names (that will come from master), add the correct vlan id to that pool name.

On your ssid profile under VLAN, instead of using a number just use the name.

We do this for every vap, we never use vlan numbers on any vap profile.