Wireless Access

Reply
Highlighted
Contributor I

Split Tunnel RAP - Role based VLAN?

Does anyone know if it is possible to use dynamic VLAN assignment with ClearPass for a RAP virtual-ap profile in split-tunnel mode?

 

Example VAP config:

 

wlan virtual-ap "CORP_RAP"
aaa-profile "CORP_aaa_prof"
vlan 999
forward-mode split-tunnel
ssid-profile "CORP_RAP_ssid_prof"
broadcast-filter all

!

user-role A
access-list session allowall
vlan 111
!
user-role B
access-list session allowall
vlan 222

 

ClearPass would return role A or B which sets a different VLAN.

 

The documentation says named VLANs and VLAN pooling aren't allowed with split-tunnel mode + RAP, but can't see anything to say this wouldn't work?


Accepted Solutions
Highlighted
MVP Expert

Re: Split Tunnel RAP - Role based VLAN?

Yes it is valid to return a VLAN ID from ClearPass while using a split-tunnel VAP



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

View solution in original post


All Replies
Highlighted
MVP Expert

Re: Split Tunnel RAP - Role based VLAN?

Yes it is valid to return a VLAN ID from ClearPass while using a split-tunnel VAP



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: