One SSID - redirect to two different vlans.

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Hi all.
Is there anybody who knows how to configure One SSID on IdentiFi and redirect users to two different vlan's according to their Authenticatin method. One Vlan for EAP-TLS and one Vlan for EAP-PEAP?
We use Windows 2012R2 for Radius.
Photo of lhuso

lhuso

  • 354 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Hartmut Sachse

Hartmut Sachse

  • 2,598 Points 2k badge 2x thumb
You have to create two nps rules with different auth methods enabled. Every rule includes radius attribute to redirect the user in the right vlan.

Here is a link to ms knowledge how you could append the radius attributes to steer the vlan:

https://technet.microsoft.com/en-gb/library/cc772124%28v=ws.10%29.aspx
Photo of lhuso

lhuso

  • 354 Points 250 badge 2x thumb
Thanks.
I will check this out soon.
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,214 Points 5k badge 2x thumb
You can also return a Filter ID applying different roles to the users.
The roles is defined on the controller.
The roles allow for "firewall like" rules to be applied to individual users on the same SSID, including Vlan, Rate limit, QOs ect...
 
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,514 Points 20k badge 2x thumb
Check out: https://youtu.be/yJ1KAW6HHRA?list=PLvQMiI4QwvHQJc9iyfGAOB7qFdqNmqmyD
It may help point you in the right direction.