Wireless Access

Hi,

Is it possible to have one SSID and direct the user to different VLANs based on the return of Radius authentication?

I'm using the bridge mode configuration.

Yes you can , what radius server are you using ?

We use Microsoft NPS server and 802.1x authentication (EAP-TLS).

And in the NPS policy you can speficy the filter-id you want to send back

Attachment(s)

Using+Microsoft+Windows+2008+Server+With+Aruba.pdf   1.01 MB 1 version

Thank you Victor.

We will try this.

One more question.

If I create the server rules to set the correct vlan, do I need to set the vlan at the Virtual AP configuration?

Unless you want to authenticated user that's not included in the server rules to get a default (VLAN) then you don't. 

If I set at NPS a rule with an attribute as this:

Name: Vendor-Specific

Attribute number: 26

Vendor Code: 14823

Vendor assigned attribute number: 2

Atribute format: Decimal

Atribute value: 64

Do I need to create a server rule with the same attributes at the server group profile on controller?like this: set vlan condition Class equals "64" set-value 64