Wireless Access

Occasional Contributor II

server derived rule for a vlan

Hi,

Can I have a server-derived VLAN (server rule) for a specific group of users in an SSID which is configured with the VLAN setting as a pool of VLANs? We use NPS for .1x authentication. If yes, could you help us with the configuration both in the controller as well as RADIUS?

 

Thanks

 


All Replies
Guru Elite

Re: server derived rule for a vlan

New in ArubaOS 6.3, you can assign a VLAN pool to a server derivation rule.  From the 6.3 release notes:

 

VLAN Derivation from Named VLAN Pools


Named VLANs can be configured under user rule, server derivation, user derivation, and VSA in this release. Previously, only single VLAN ID names supported the above.

You cannot modify a VLAN name so choose the name carefully.

Named VLANs (single VLAN IDs or VLAN pools) can only be assigned to tunnel mode VAP’s and wired profiles. They can also be assigned to user roles, user rule derivation, server derivation, and VSA for tunnel and bridge mode. 

 

There are two parts to this:

 

1- Configuring NPS to send back an attribute based on a user group:  http://community.arubanetworks.com/t5/Campus-WLAN-and-High-Density-Wi/Assigning-users-different-vlan-subnet-based-on-AD-group/td-p/59210

 

2- Writing a server derivation rule to put users in a named VLAN pool based on that attribute.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Occasional Contributor II

Re: server derived rule for a vlan

Thank you Joseph for the reply. I would like to stress that I don't need a VLAN pool in the server-derived rule; just one VLAN is sufficient. But the SSID is already set for a VLAN pool (VLAN setting under SSID properties). Could you advise?

 

Thanks

 

Guru Elite

Re: server derived rule for a vlan

Then you need the first link that describes how to send back the attribute.  You then write a server derived rule to change the VLAN or role based on that returned attribute from NPS.


Occasional Contributor II

Re: server derived rule for a vlan

Hi,

 

Will this setup work if the SSID VLAN setting is already configured for a VLAN pool?

 

Thanks

Guru Elite

Re: server derived rule for a vlan

The server derivation rule overrides that setting as an exception.

Occasional Contributor II

Re: server derived rule for a vlan

The override happens only if computer + user authentication succeeds? Anything like that?

Guru Elite

Re: server derived rule for a vlan

Nothing like that.


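The controller side of the setup discussed in this thread, as an added example that was not posted by any participant. The profile and server names, VLAN ID 120, and the use of the standard RADIUS Filter-Id attribute with the value "staff" are assumptions; the NPS policy is whatever returns that attribute for the AD group, as described in the linked post.

```arubaos
! Added example, not from the thread. All names and IDs are placeholders.
! Assumption: NPS returns Filter-Id = "staff" for members of the AD group
! that must land in one fixed VLAN instead of the SSID's pool.

! The SSID keeps its existing VLAN pool as the default assignment.
wlan virtual-ap "corp-vap"
   vlan corp-pool

! The derivation rule lives in the server group that the 802.1X
! AAA profile of this SSID already points at.
aaa server-group "corp-dot1x-servers"
   auth-server nps-01
   ! Users whose Access-Accept carries Filter-Id "staff" get VLAN 120;
   ! everyone else matches no rule and stays in corp-pool.
   set vlan condition Filter-Id equals "staff" set-value 120
```

After a test client from the group authenticates, `show user-table` on the controller should list it in VLAN 120, while other clients on the same SSID keep a VLAN from the pool.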