How to create a single SSID with multiple VLANs?

Yakup_Erdol
New Contributor III
Hi all,

I have deployed a Netsight server, an Extreme NAC server and a c5210 wireless controller.

On the Wireless controller side:
I created a WLAN service with authentication mode 802.1x which is using a single RADIUS server (Extreme NAC IA-A-20) for auth & acct.

I also created a role with default action:
Access Control: containment VLAN
VLAN: vlan212

Clicked Advanced >> Added vlan212, vlan300, vlan211 to be used. I have not defined any policy rules.

Then I defined a VNS to bind this WLAN service to this Role when the user is authenticated.

On the NAC side:

I added the EWC to access control engine as "Extreme identiFi Wireless".

I created two policy roles. One of them is configured to contain to vlan211 and the other is configured to contain to vlan300.

Note: when I try to enforce domain data to the wireless controller, a "cannot remove active Role -XXXX- from EWC ..." error occurs.

Then I tested with two wireless clients. I can see that both clients are assigned to these different NAC profiles successfully. But they are assigned to the same vlan212.

Is it possible to assign clients with different NAC profiles to different VLANs on the same SSID?

Thanks.
13 REPLIES

Sorry again. Would you explain what "CoSes" is?

You are trying to use Policy from the ExtremeManagement. Most probably you already have some CoSes configured on the controller which prevent pushing the policies to . Clean up (just delete) all the custom-made CoSes you have on the controller, then you can try to push Policy again from ExtremeManagement.

Yakup_Erdol
New Contributor III
Hi Yury,

I am confused. Do you mean "WLAN service" by Topology? If yes, how will EWC decide which 802.1x authenticated user uses which topology?

Thanks.

Thank you very much Yury. All this information really helped me a lot.

Technically, you don't need to do anything else on the controller. You are already pushing the Policies to the controller. Whatever you define on the controller as 'default action' does not matter since NAC will override it based on user authentication. That's why it's called 'dynamic policy assignment'. It's the same way as dynamic VLAN assignment, just using different VSA attributes (FilterID instead of tunneled attributes). But it looks like you are on the right path.
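
The two mechanisms contrasted in the reply above, seen from the device that receives the RADIUS Access-Accept. This is an added example, not part of the thread and not Extreme's code: a Python parser that tells role assignment by Filter-Id (attribute 11) apart from VLAN assignment by the RFC 2868 tunnel attributes. The role name, the sample replies and the rule that Filter-Id wins when both are present are assumptions.

```python
import struct

# RADIUS attribute type codes (RFC 2865 / RFC 2868)
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 11, 64, 65, 81
VLAN, IEEE_802 = 13, 6   # Tunnel-Type=VLAN, Tunnel-Medium-Type=IEEE-802


def attr(code, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", code, len(value) + 2) + value


def parse_attrs(buf):
    """Walk the TLV list of an Access-Accept; reject malformed lengths."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated attribute header")
        code, length = buf[i], buf[i + 1]
        if length < 2 or i + length > len(buf):
            raise ValueError("bad attribute length")
        out.setdefault(code, []).append(buf[i + 2:i + length])
        i += length
    return out


def authorization(buf):
    """Return ('role', name), ('vlan', id) or ('default', None)."""
    a = parse_attrs(buf)
    if FILTER_ID in a:   # dynamic policy assignment (precedence is assumed)
        return ("role", a[FILTER_ID][0].decode())
    try:
        # Tunnel-Type / Tunnel-Medium-Type: 1 tag octet + 3-octet value
        ttype = int.from_bytes(a[TUNNEL_TYPE][0][1:4], "big")
        tmed = int.from_bytes(a[TUNNEL_MEDIUM][0][1:4], "big")
        pgid = a[TUNNEL_PGID][0]
    except KeyError:
        return ("default", None)   # incomplete triplet: keep default action
    if pgid and pgid[0] <= 0x1F:   # optional leading tag octet
        pgid = pgid[1:]
    if (ttype, tmed) != (VLAN, IEEE_802) or not pgid.isdigit():
        return ("default", None)
    return ("vlan", int(pgid))


# Constructed sample replies (role name is illustrative, VLAN from the post)
by_role = attr(FILTER_ID, b"Staff")
by_vlan = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
           + attr(TUNNEL_MEDIUM, b"\x00\x00\x00\x06")
           + attr(TUNNEL_PGID, b"300"))
```

A reply that carries only part of the tunnel triplet, or a non-numeric group ID, falls back to the default action, which is the symptom to look for when every client lands in the same VLAN.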