Wireless Access

Hi,

 

I am using Aruba 7200 controller & CPPM for my Wireless network. There are 14 branches connected over the MPLS network.

Aruba controller , CPPM & DHCP are located in Data center. Every branch has different IP address range. We have dot1x switches.

 

Now we want to achieve following requirement for wired network.

 

1) If the user & device is the part of domain then it should get that respective vlan IP address.

    (How CPPM will identify requestor come from which branch & assign the IP address?)

 

2) How DHCP will provide IP address to user?

 

Kindly suggest me how can i achieve this requirement.

 

 

Thanks in advance,

Nikhil.

 

 

 

You could do this by using NAS IP of the switch (incoming radius request)

For the domain machines, you can use the built in [Machine Authenticated] role to assign a role. This role will automatically be assigned when a computer successfully machine authenticates to AD.

 

You can either assign the VLAN directly by returning it from ClearPass or tie a VLAN to a user role. Then the client will get an address in that subnet.

I will not create user group on CPPM cause if user went to other location branch then he should get that respective branch vlan IP address.

 

Ho can i achieve this?

I assume you have a different AP group in each location? You can use the AP
group to return specific information for only clients joined to an AP in
that group.

 

Sorry, forgot you were using switches. Use similar logic but instead of Aruba location-ID, use the NAD IP address of each switch.

Okay... I got the CPPM rule configuration part. But what about vlan assignment? Shall i create rule for vlan for respective branch.

Hi,

 

I have configured service for Wired 802.1x with NAD IP Rule. I have got domain user request in "Access tracker"  In request detail service, role & enforcement correctly getting.

On my hp switch radius authentication status - accept. I hv configured ip-hleper on router for DHCP server and CPPM. IP pool configured on DHCP server.

 

But still IP Address is not getting to domain user.

 

Kindly suggest the solution....

 

Thank You..

Hi,

 

CPPM wired configuration has been done. User request and getting correct role.

Radius authentication status - Accept, but still i am not getting ip on my PC.

 

(Please find radius authentication status in next post)

 

I have L2 hp switch. i have configred vlan 1 on my hp switch & IP - helper on Cisco router for CPPM and DHCP Server.

IP pool configured on DHCP Server. They are able to reach each othre.

But still not getting IP on PC.

 

Kindly help to resolve the issue.

 

Thanks..

I would suggest that you double check your settings on the HP switch. And in your response to the switch are you send an accept or are you sending a VLAN assignment?

 

I believe HP wont understand an accept it needs to be a VLAN in a format that it understands.

 

Thanks for reply...

I am sending Vlan assignment to hp switch.

Please find hp switch Radius authentication status.

i am searching any other alternative to get IP to user. Or troubleshooting the issue.

 

 

 

 

Try putting the switch in debug and see what is happening.

***** Debugging output *****

<rack4sw1>debugging radius packet
<rack4sw1>display debugging

Radius packet debugging switch is on in slot 1

---- Debugging output with the radius server reachable -----

Thanks for quick reply....

 

Can you please provide me some doc/pdf to regardin configuration.

Shall i create IP pool on DHCP server?