Wireless

 View Only
last person joined: 21 hours ago 

Back to discussions
Expand all | Collapse all

Unable to configure dynamic VLAN assignment on IAP

This thread has been viewed 30 times

  • 1.  Unable to configure dynamic VLAN assignment on IAP

    Posted Jun 16, 2023 05:23 AM

    Hi guys,

    I had an SSID using PSK, and now I want to use it with WPA2 Enterprise. I was able to change the Key Management from WPA2 Personal to WPA2 Enterprise, and set the authentication servers. But when I want to change Client VLAN Assignment from Default to Dynamic and click on Apply, the screen returns to Default:

    After clicking on Apply:

    Also I noticed when I want to change the Access from Unrestricted to Role-based I have the same issue, when I click on Apply, the screens returns to Unrestricted:

    Why I have these problems? I have tried creating a new SSID and I still have the same two problems. Please your help.



    ------------------------------
    Regards,
    Julian
    ------------------------------


  • 2.  RE: Unable to configure dynamic VLAN assignment on IAP

    Posted Jun 27, 2023 04:19 AM

    Hi guys,

    Any idea?



    ------------------------------
    Regards,
    Julian
    ------------------------------

    Original Message


  • 3.  RE: Unable to configure dynamic VLAN assignment on IAP
    Best Answer

    EMPLOYEE
    Posted Jun 27, 2023 07:49 AM

    If you select dynamic VLAN assignment, you would need to create at least one VLAN Assignment Rule. If you return the VLAN through the RADIUS Aruba-User-VLAN attribute, you can leave this setting to whatever as even with Default (untagged on the AP) or Static (tagged from the AP) the Aruba-User-VLAN attribute will override that configuration. If you need another attribute to set the VLAN, you can do that with a VLAN Assignment Rule (is the VLAN).

    Similar to your Role-based, if you don't have any Role assignments, it bumps back to Unrestricted. You can set Network Based with a basic/locked policy then use the Aruba-User-Role VSA to override that. Or use assignment rules (and I think Aruba-User-Role still overrides that).



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 4.  RE: Unable to configure dynamic VLAN assignment on IAP

    Posted Jun 27, 2023 05:18 PM

    Hi Herman,

    You are right as always! Within the huge list of attributtes, I didn't realize about the Aruba-User-Vlan attribute, and that I can make a VLAN assignment rule like this:

    Once done, I can configure dynamic VLAN assignment. It is curious because since I couldn't configure dynamic VLAN assignment, I left the VLANs section as Static, and doing tests I realized the VLAN assigned was the VLAN sent from CPPM. And this is as you say, the Aruba-User-Vlan attribute will override this configuration.

    Same for the Access section.

    Thanks a lot!



    ------------------------------
    Regards,
    Julian
    ------------------------------

    Original Message