Become a Member
Hi Team,
Would like to know if we can push roles and VLANs from ISE server to controller for bridge mode ssid?
Bridge mode SSID normally checks ap uplink acl and not user role defined in aaa profile, is that correct?
Thank you!
You can send the role with Aruba-User-Role VSA and the user VLAN with Aruba-User-VLAN VSA. The AP uplink ACL only refers to traffic that is coming into the AP unsolicited.
Hi Colin,
Thank you for your response. So can we use VSA for bridge mode SSID as well?
Do we have to map anything in ap uplink acl?
Will SDR work in bridge mode?
Double checking it, VLAN derivation (through VSAs or SDR) do not work in bridge mode, unfortunately: https://community.arubanetworks.com/t5/Controller-Based-WLANs/Which-of-the-derived-vlans-take-priority-if-UDR-MAC-auth-and/ta-p/177432
Sorry for misleading you.
Hi Collin,
Thank you so much for the update. I would like to know if role derivation can be done in bridge mode?
Role derivation, yes.
Thank you for your response. However, from the below link, it is stated VLAN derivation will work from 6.1 but I do not think so. Can you please confirm?
Feel free to open a support case with technical support. It has been awhile since I have seen that issue. You could be running into a bug with VLAN derivation on bridge SSIDs or it is not supposed to work; I don't remember.
Also ask them about the ap-uplink-acl.