Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Split Tunnel RAP - Role based VLAN?

This thread has been viewed 5 times

  • 1.  Split Tunnel RAP - Role based VLAN?

    Posted May 27, 2020 07:12 PM

    Does anyone know if it is possible to use dynamic VLAN assignment with ClearPass for a RAP virtual-ap profile in split-tunnel mode?

     

    Example VAP config:

     

    wlan virtual-ap "CORP_RAP"
    aaa-profile "CORP_aaa_prof"
    vlan 999
    forward-mode split-tunnel
    ssid-profile "CORP_RAP_ssid_prof"
    broadcast-filter all

    !

    user-role A
    access-list session allowall
    vlan 111
    !
    user-role B
    access-list session allowall
    vlan 222

     

    ClearPass would return role A or B which sets a different VLAN.

     

    The documentation says named VLANs and VLAN pooling aren't allowed with split-tunnel mode + RAP, but can't see anything to say this wouldn't work?



  • 2.  RE: Split Tunnel RAP - Role based VLAN?
    Best Answer

    Posted May 27, 2020 07:33 PM
    Yes it is valid to return a VLAN ID from ClearPass while using a split-tunnel VAP



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: Split Tunnel RAP - Role based VLAN?

    Posted Jul 16, 2020 01:09 AM

    This doesn't appear to work - the below post mentions that this isn't possible?

     

    https://community.arubanetworks.com/t5/Security/VLAN-derivation-on-split-tunnel-RAP/td-p/236334