Hi All,
I think im having one of those moments - you know the one...were you have tried everything, but then when you step away for an hour or so, you suddenly crack it?
Just incase im not - I thought id post so I can check back in the morning.
Im trying to VLAN tag wireless traffic dependant on AD group, using Windows NPS (Server 2008). I know it works when patched direct because Im doing it with "Wired Auto Config" elsewere in the building.
Down to the technical stuff...
I've added a new Network Policy in NPS with all the settings related to auth and AD groups, but I just cant get my head around the Vendor Specific Attribute (VSA) part.
Having followed Clembos post here:
http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Assigning-users-different-vlan-subnet-based-on-AD-group/m-p/61082/highlight/true#M2011
Im stuck, as he states hat "Attribute format = integer", however Integer isnt an option.
The options available are: "String, Decimal, Hexadecimal, InetAddr, InetAddr6"
I've tried both String and Decimal attribute formats while following the linked topic, but no joy.
The client authenticates but remains stubbornly within the default VLAN.
I know ive missed something daft here :(
NPS Logs for reference:
<Event><Timestamp data_type="4">05/15/2014 16:35:35.056</Timestamp><Computer-Name data_type="1">XXXX3</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Class data_type="1">311 1 192.168.0.3 05/06/2014 14:40:01 107005</Class><EAP-Friendly-Name data_type="1">Microsoft: Secured password (EAP-MSCHAP v2)</EAP-Friendly-Name><Authentication-Type data_type="0">11</Authentication-Type><PEAP-Fast-Roamed-Session data_type="0">1</PEAP-Fast-Roamed-Session><MS-CHAP-Domain data_type="2">01535554544F4E4853</MS-CHAP-Domain><MS-Extended-Quarantine-State data_type="0">0</MS-Extended-Quarantine-State><MS-Quarantine-State data_type="0">0</MS-Quarantine-State><Client-IP-Address data_type="3">xxx.xxx.xxx.x</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Aruba-Master</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections Request</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><Service-Type data_type="0">2</Service-Type><SAM-Account-Name data_type="1">xxxxxxxxx\PCN0417$</SAM-Account-Name><Fully-Qualifed-User-Name data_type="1">xxxxxxxxx\PCN0417$</Fully-Qualifed-User-Name><NP-Policy-Name data_type="1">Staff VLAN4 - Aruba Test</NP-Policy-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Vendor-Specific data_type="2">000039E7020600000004</Vendor-Specific><Framed-Protocol data_type="0">1</Framed-Protocol><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
Many thanks,