Instant On - Wireless

 View Only
  • 1.  Using NPS to determine group for VLAN membership

    Posted 16 days ago
    Hi,

    I've recently switched to Aruba 615 running Instant. I wanted to move from PSK to Enterprise - which worked really good. I've since successfully enabled NPS Authentication but I struggle to implement the following:

    1 Profile(SSID) with the following settings:
    - User authentication using the Windows Credentials (works based on call-in settings or group membership)
    - Depending on Group-membership they are role assigned a diffent VLAN (don't know how, I can't seem to reply a group)

    Any help?

    Thanks in Advance!

    ------------------------------
    Peter Breuer
    ------------------------------


  • 2.  RE: Using NPS to determine group for VLAN membership

    Posted 15 days ago
    Hi Peter.

    You will need to send this question in Airheads Security forum.


    You need to send Aruba Radius attribute Aruba-User-Role in radius response. Also your RADIUS server need to have an Aruba RADIUS dictionary.

    Aruba-User-Role is a string, where you provide Aruba Instant Role. In the role you define VLAN and other security attributes. Role is defined on AP under Security / Role.

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------