Wireless Access


setting a role per wired port / tunnel?

Is it at all possible to set different roles on incoming gre tunnels?


We've got several devices tunneling guest-traffic back to the central controller.

One of the tunnels carries guest-traffic where another carries byod-traffic.


I've set the aaa wired profile to a guest-logon so the guests get redirected to a captive portal but the byod users should be given a different role. Ideally I would be able to simply set different roles to different ports or tunnels but this does not seem the case?


It there any 'clean' way to solve this or will I have to go figure out whether user derivation rules and dhcp option 77 (the only option I can think that doesn't require a lot of 'maintenance') is a possibility?

edit: mm dhcp option 77 doesn't seem to be a sollution either. :smileymad:

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba Employee

Re: setting a role per wired port / tunnel?

You can if you are using different vlans for each tunnel. You can apply the aaa profile right on the vlan itself. For this to go into effect you will need to have the tunnel in your dmz set to the untrusted port. I think this was added in AOS 6.x code when we started tunneling traffic from our LAN switches running tunneled node.


vlan 192 wired aaa-profile "guest-wired-profile"


Search Airheads
Showing results for 
Search instead for 
Did you mean: