Wireless Access

Occasional Contributor II

Force client to VLAN



We have a wireless network that is configured with wireless vlan pooling.  Is there a way to force specific client to one of the VLANs?


Thanks in advance!

Re: Force client to VLAN

Why you need to do this?

Is you can explain us maybe we can give you a better solution....


I think you can do it with user role assignment... but still it would be nice if you can explain us your scenario


Product Manager - Aruba Networks
Alternetworks Corp

Re: Force client to VLAN

If this is an 802.1x authenticated network, you could assign the VLAN through a returned attribute and a server derived rule on the controller.   


On the controller you'd configure a server derived rule on the server group and on the RADIUS server you'd configure a rule/policy to assign the Aruba-User-Vlan attribute to that particular user.   The method will vary depending on the RADIUS implementation.


Sample config on the controller.  This will set the VLAN value to whatever is returned in teh Aruba-User-Vlan attribute.


aaa server-group "name-of-server-group"
  set vlan condition "Aruba-User-Vlan" value-of position 1


You could also assign a unique role for that user that would have a VLAN assigned to it.

Systems Engineer, Northeast USA

Occasional Contributor II

Re: Force client to VLAN

Thanks for the responses. 


Basically my problem stems from my web filter.  I need to be able to track web usage by ldap username.  Our webfilter has no support for radius so I can't see anyone authenticating against the Aruba captive portal.  My only option is to ditch the Aruba captive portal for now and use the web filter captive portal.  However, there are specific devices I want to force into a VLAN where I will in turn, create DHCP entries to force an IP by MAC address.  I can white list the devices by IP.  I'm looking at less than 20 devices, so whatever I do is a short term solution until I can get a web filter that has proper radius support, even if it is a clunky option.


Unfortunately, no 802.1x at this time. 

Re: Force client to VLAN

That would be really hard to do

How many users do you have?


You could use a /22 or /23 with drop  broadcast/multicast  and dish while you get a solution the vlan poolin....if you supress broadcast with this option, then its a viable option :)

You will have them all in one vlan... but of course it depends how many users you have?


I send you a private message with a webfilter solution that you can consider.




Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: