Wireless Access

Reply
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

One SSID and multiple VLANs

Hi,

Is it possible to have one SSID and direct the user to different VLANs based on the return of Radius authentication?

I'm using the bridge mode configuration.

MVP
Posts: 4,225
Registered: ‎07-20-2011

Re: One SSID and multiple VLANs

Yes you can , what radius server are you using ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: One SSID and multiple VLANs

We use Microsoft NPS server and 802.1x authentication (EAP-TLS).

MVP
Posts: 4,225
Registered: ‎07-20-2011

Re: One SSID and multiple VLANs

2014-09-10 11_45_38-Switch General Configuration.png

And in the NPS policy you can speficy the filter-id you want to send back

 

2014i195D23B4462E0FDA.jpg

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: One SSID and multiple VLANs

Thank you Victor.

We will try this.

Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: One SSID and multiple VLANs

One more question.

If I create the server rules to set the correct vlan, do I need to set the vlan at the Virtual AP configuration?

MVP
Posts: 4,225
Registered: ‎07-20-2011

Re: One SSID and multiple VLANs

Unless you want to authenticated user that's not included in the server rules to get a default (VLAN) then you don't. 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: One SSID and multiple VLANs

If I set at NPS a rule with an attribute as this:

Name: Vendor-Specific

Attribute number: 26

Vendor Code: 14823

Vendor assigned attribute number: 2

Atribute format: Decimal

Atribute value: 64

Do I need to create a server rule with the same attributes at the server group profile on controller?like this: set vlan condition Class equals "64" set-value 64

Search Airheads
Showing results for 
Search instead for 
Did you mean: