Wireless Access

New Contributor

One SSID, Multiple Groups and Multiple VLANs

Is it possible to implement the following scenario using Aruba Controller and Microsoft NPS.

I would like to use one SSID and put users to a different vlan using their AD Group membership. I know this is working I have tested it, but what if we have multiple buildings and they are using different VLAN IDs?


For example

Building 1

AD Group Sales --> VLAN ID 10

AD Group Engineer --> VLAN ID 11

AD Group Marketing --> VLAN 12


Building 2

AD Group Sales --> VLAN ID 20

AD Group Engineer --> VLAN ID 21

AD Group Marketing --> VLAN 22


and so on.


What is the best way to separate buildings in this configuration? Is it possible to use for example AP Group as NAS Identifier or something similar? Then I could create specific rule in NPS.


Is this possible?


New Contributor

Re: One SSID, Multiple Groups and Multiple VLANs

I figured this out. Just duplicate the radius server settings and create a new server group for every building. Define different NAS ID for every building. After that it is just creating NPS network policies.




Any other options to implement this?

Guru Elite

Re: One SSID, Multiple Groups and Multiple VLANs

Without ClearPass, that is your option.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: