VLAN Assignment Based on Derivation Rules
When an external RADIUS server is used for authentication, the server may return a reply message. If the RADIUS server supports return attributes and sets an attribute value in the reply message, the IAP parses the reply and compares its attributes against the user-defined VLAN derivation rules. If a rule matches, the VLAN defined by that rule is assigned to the user. For a complete list of RADIUS server attributes, see RADIUS Server Authentication with VSA on page 151.
Figure 59 Configuring RADIUS Attributes on the RADIUS Server
User Role
If the VSA and the VLAN derivation rules do not match, the user VLAN can be derived from the user role.
VLANs Created for an SSID
If the VSA and the VLAN derivation rules do not match and the user role does not contain a VLAN, the user VLAN can be derived from the VLANs configured for an SSID or Ethernet port profile.
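The fall-through order described in the three sections above (derivation rule, then user role, then SSID or Ethernet port profile VLAN) can be modelled offline to audit where a given RADIUS reply places a user. This is an added example, not Aruba code: the operator names, first-match-wins evaluation, case-sensitive comparison, role table and sample replies are assumptions, and VSA-based assignment is not modelled.

```python
# Illustrative model only: operators, rule order semantics and the role table
# are assumptions for this example, not Aruba Instant's implementation.

# Assumed operators for comparing a returned attribute value with a rule operand.
OPERATORS = {
    "equals": lambda value, operand: value == operand,
    "starts-with": lambda value, operand: value.startswith(operand),
    "contains": lambda value, operand: operand in value,
}

def derive_vlan(reply_attrs, rules, role, role_vlans, ssid_vlan):
    """Return (vlan, source) following the fall-through order in the text."""
    # 1. VLAN derivation rules (assumption: the first matching rule wins).
    for attr, op, operand, vlan in rules:
        value = reply_attrs.get(attr)
        if value is not None and OPERATORS[op](value, operand):
            return vlan, "derivation-rule"
    # 2. User role, if the role carries a VLAN.
    vlan = role_vlans.get(role)
    if vlan is not None:
        return vlan, "user-role"
    # 3. VLAN configured on the SSID or Ethernet port profile.
    return ssid_vlan, "ssid-profile"

# Constructed sample configuration (not taken from the guide).
RULES = [
    ("Filter-Id", "equals", "staff", 20),
    ("Class", "starts-with", "contractor", 30),
]
ROLE_VLANS = {"voice": 40}   # the "guest" and "employee" roles carry no VLAN
SSID_VLAN = 100

def audit():
    """Evaluate constructed RADIUS replies and report the VLAN source for each."""
    cases = [
        ({"Filter-Id": "staff"}, "employee"),
        ({"Class": "contractor-emea"}, "employee"),
        ({"Filter-Id": "Staff"}, "voice"),   # case differs: no rule matches in this model
        ({}, "guest"),                       # no attributes, role without a VLAN
    ]
    return [derive_vlan(a, RULES, r, ROLE_VLANS, SSID_VLAN) for a, r in cases]

if __name__ == "__main__":
    for result in audit():
        print(result)
```

The last two cases show the behaviour worth checking during a review: a reply that matches no rule does not fail, it lands in the role or SSID VLAN.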
Configuring VLAN Derivation Rules
Users are assigned to a VLAN based on the attributes returned by the RADIUS server after they authenticate.
You can configure VLAN derivation rules for an SSID profile by using the Instant UI or CLI.
In the Instant UI
1. Perform the following steps:
Aruba Instant 6.4.0.2-4.1 | User Guide Roles and Policies | 197










