Wireless Access

Hi everyone,

 

                    i have done  VLAN mapping to one SSID, so same ssid mapped to 2 different vlans,,,and i put them in different AP groups. this ssid is for guests in 2 diffrent floors.with 2 diffrent captive portals, which means the client will get an IP before he authenticates ( no ACS or clearpass), its an open authentication, The question is how can the controller tell the differnce between the users and map them to the right vlan?

 

thanks for clearing the issue.

Clone your virtual AP and AAA profiles and assign different pre-auth roles with the different captive portals attached.


Thanks,
Tim

Thanks Tim, i will do it and get back to you.

Hi,

 

VLAN can be mapped to a user  through a role also. hence create different authenticated roles for each location and map different VLAN to those roles. here is the work around,

AP-Group-1

VAP-1-->

VALN- A

SSID-1

AAA-1-->Guest-Logon-Role-->CP-Profile-1-->Default Role-->Guest-Role-1

Guest-Role-1-->VLAN-X

 

AP-Group-2

VAP-2-->

VALN- A

SSID-1

AAA-2-->Guest-Logon-Role-->CP-Profile-2-->Default Role-->Guest-Role-2

Guest-Role-2-->VLAN-Y

 

AP-Group-3

VAP-3-->

VALN- A

SSID-1

AAA-3-->Guest-Logon-Role-->CP-Profile-3-->Default Role-->Guest-Role-3

Guest-Role-3-->VLAN-Z

 

For your ref :

Assigning Initial role for triggering CP-Profile

Assigning CP-Profile to the Guest logon role:

 

 

Mapping Guest authenticated role to CP-Profile :

Mapping VLAN to Guest Authenticated role :

Please feel free for any further help on this.

 

 

 

In the above config, AP-Group of each location will have different AAA profiles with different CP-profile ,Default guest role with different VLAN, hence you can meet you can requirement.