Wireless Access

A customer has come up with an idea we need to implement.

Basically, he wants to be able to apply  bandwidth controlls to his guest-users.

Thing is, he wants to be able to set the bandwidth profile per user to one of the few bandwidth profiles..

I was thinking about having the radius server retun the Aruba-User-Roleattribute. I know this works for WPA authentication, but can somebody configrm this also works when its a captive portal doing the request? Does it still pass the role onto the user?

Is any aditional config needed to get this working?

Are the guest users located in the local database or radius?

They can be in both. 

Idea is to have a failthrough from radius to internal so we do need the radius to retun the role attribute.

Just changing the role attached to an internal user is not enough :)

Okay.

This does work with Captive Portal users, as well.  In the radius server, if you have a remote access policy allowing guests, just have it return an attribute and a value, like filter-id.  Attached to the Captive Portal authentication profile, there is a server group.  In that server group, add a server rule that looks for the attribute and the value above and it will change the role to whatever you want it to be.  

Use the article here:  http://kb.arubanetworks.com/cgi-bin/arubanetworks.cfg/php/enduser/std_adp.php?p_faqid=826 to see what attributes are being sent back to the controller.