Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

IAP-205 with NPS and AD Groups as ACLs

  • 1.  IAP-205 with NPS and AD Groups as ACLs

    Posted May 13, 2017 12:56 AM
    Hello all,

    I have the following Wireless infrastructure:
    IAP 205 -> 3 Hidden SSIDs -> Auth via NPS RADIUS.

    The issue I am facing is that I've created 3 Active Directory groups called:
    IT
    Sales
    RnD

    And also created 3 NPS rules with the same name as those groups above.
    How can I tell Aruba or the NPS that only users in IT can join the IT SSID and Sales to Sales and so on? Right now IT can join Sales and RnD, and Sales can join IT and RnD, and so on.

    Thank you all


  • 2.  RE: IAP-205 with NPS and AD Groups as ACLs

    MVP EXPERT
    Posted May 13, 2017 05:00 AM

    The easiest way to achieve this would be using RADIUS attributes and the Aruba-Essid-Name attribute sent in the RADIUS packet. So your NPS policy would only send an ACCEPT if the Aruba-Essid-Name was correct. However, some NPS do not support some RADIUS attributes. If not, you can use the workaround below; this is for a physical controller-based solution, however the concept is still the same for Instants.

    http://community.arubanetworks.com/t5/Security/Two-SSID-s-using-802-1x-authentication-with-same-Radius-server/td-p/39038
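
The check described in the reply above, sketched as an added example (not part of the original thread, and not NPS or Aruba code): it reads Aruba-Essid-Name from the Vendor-Specific attribute of an Access-Request and accepts only when the user belongs to the AD group mapped to that SSID. The SSID names, the SSID-to-group mapping, the function names and the sample request are assumptions made for the illustration; the vendor ID and attribute number are those of the Aruba RADIUS dictionary.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute (RFC 2865)
ARUBA_VENDOR_ID = 14823   # Aruba enterprise number
ARUBA_ESSID_NAME = 5      # Aruba-Essid-Name in the Aruba RADIUS dictionary

# Assumed mapping: each SSID is named after the AD group allowed to join it.
SSID_TO_GROUP = {"IT": "IT", "Sales": "Sales", "RnD": "RnD"}

def encode_essid_vsa(essid):
    """Build the Vendor-Specific attribute an AP would send (used for sample data)."""
    value = essid.encode()
    sub = struct.pack("!BB", ARUBA_ESSID_NAME, 2 + len(value)) + value
    body = struct.pack("!I", ARUBA_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def extract_essid(attrs):
    """Walk the attribute TLVs of a request; return Aruba-Essid-Name or None."""
    i = 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            return None                      # malformed attribute list
        value = attrs[i + 2:i + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            (vendor,) = struct.unpack("!I", value[:4])
            j = 4
            while vendor == ARUBA_VENDOR_ID and j + 2 <= len(value):
                vtype, vlen = value[j], value[j + 1]
                if vlen < 2 or j + vlen > len(value):
                    break                    # malformed sub-attribute
                if vtype == ARUBA_ESSID_NAME:
                    return value[j + 2:j + vlen].decode(errors="replace")
                j += vlen
        i += alen
    return None

def decide(attrs, user_groups):
    """Accept only if the SSID is known and the user is in its mapped group."""
    required = SSID_TO_GROUP.get(extract_essid(attrs))
    if required is not None and required in user_groups:
        return "Access-Accept"
    return "Access-Reject"   # missing attribute, unknown SSID or wrong group

# Constructed sample: User-Name attribute (type 1) for a made-up user.
USER_NAME_ATTR = bytes([1, 7]) + b"alice"
```

Rejecting when the attribute is absent or the SSID is unknown keeps the policy fail-closed, so a request that omits Aruba-Essid-Name cannot fall through to a broader rule.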