How to create a single SSID with multiple vlans ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2017 12:51 PM
Hi all,
I have deployed a Netsight server, a Extreme NAC server and a c5210 wireless controller.
On the Wireless controller side:
I created a WLAN service with authentication mode 802.1x which is using a single radius server (Extreme NAC IA-A-20) for auth & acct.
I also created a role with default action:
Access Control: containment VLAN
VLAN: vlan212
Clicked Advanced >> Added vlan212, vlan300, vlan211 to be used. I have not defined any policy rules.
Then I defined a VNS to bind this WLAN service to this Role when user is authenticated.
On the NAC side:
I added the EWC to access control engine as "Extreme identiFi Wireless".
I created two policy roles. One of them is configured to contain to vlan211 and the other is configured to contain to vlan300.
Note: when I try to enforce domain data to wireless controller, "cannot remove active Role -XXXX- from EWC ..." error occurs.
Then I have tested with two wireless clients. I can see that both clients are assigned to these different NAC profiles successfully. But they are assigned to same vlan212.
Is it possible to assign clients with different NAC profiles to different Vlans on the same SSID ?
Thanks.
I have deployed a Netsight server, a Extreme NAC server and a c5210 wireless controller.
On the Wireless controller side:
I created a WLAN service with authentication mode 802.1x which is using a single radius server (Extreme NAC IA-A-20) for auth & acct.
I also created a role with default action:
Access Control: containment VLAN
VLAN: vlan212
Clicked Advanced >> Added vlan212, vlan300, vlan211 to be used. I have not defined any policy rules.
Then I defined a VNS to bind this WLAN service to this Role when user is authenticated.
On the NAC side:
I added the EWC to access control engine as "Extreme identiFi Wireless".
I created two policy roles. One of them is configured to contain to vlan211 and the other is configured to contain to vlan300.
Note: when I try to enforce domain data to wireless controller, "cannot remove active Role -XXXX- from EWC ..." error occurs.
Then I have tested with two wireless clients. I can see that both clients are assigned to these different NAC profiles successfully. But they are assigned to same vlan212.
Is it possible to assign clients with different NAC profiles to different Vlans on the same SSID ?
Thanks.
13 REPLIES 13
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2017 01:33 PM
I strongly advice you to pay an Extreme Partner to do it for you / show you the basic functions during the installation.
Here a list for your country...
http://www.extremenetworks.com/partners/find-a-partner/location/Europe-Middle-East-Africa/TR/?show-p....
Or you'd attend the official training for wirless and NAC...
http://www.extremenetworks.com/education/courses/
BR,
Ron
Here a list for your country...
http://www.extremenetworks.com/partners/find-a-partner/location/Europe-Middle-East-Africa/TR/?show-p....
Or you'd attend the official training for wirless and NAC...
http://www.extremenetworks.com/education/courses/
BR,
Ron
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2017 01:33 PM
And why "cannot remove active Role -XXXX- from EWC ..." error occurs when enforcing the policy on Netsight ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2017 01:33 PM
I thought it was the plural form of "CoSe" 🙂
Thanks for the great explanation.
Thanks for the great explanation.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-13-2017 01:33 PM
On the VNS page of the wireless controller you have (from top to bottom) : Global , Sites, Virtual Networks, WLAN Sevices , Roles , Class of Service , Topologies .
CoS is Class of Service .
Roles and Class of Service can be configured right on the wireless controller , or on Extreme Management (in the Policy section) and pushed to the Wireless Controller . If you configure CoS first on wireless Controller , it will prevent ExtremeManagement to push and override it . Ideally if you start using Policy from ExtremeManagement , do not touch Roles and Class of Services on the controller - do all you changes on ExtremeManagement Policy instead.
CoS is Class of Service .
Roles and Class of Service can be configured right on the wireless controller , or on Extreme Management (in the Policy section) and pushed to the Wireless Controller . If you configure CoS first on wireless Controller , it will prevent ExtremeManagement to push and override it . Ideally if you start using Policy from ExtremeManagement , do not touch Roles and Class of Services on the controller - do all you changes on ExtremeManagement Policy instead.
