Extreme Networks

Thiago_Almeida · ‎09-03-2014

Hi all,

Is it possible to have a single SSID for two separated Active Directory domains?

Our customer have two different domains, with separated ADs and different vlans.

Can we configure the Enterasys controller to use only one SSID and authenticate user on both domains and leading them to the correct VLAN for their domain?

Thanks and regards,

TA

Thiago_Almeida · ‎09-03-2014

Hi Doug and Harmuth,

Thank you both for your replies.

I think I will check the option that Doug gave me, a unique RADIUS polling both ADs.

Thanks and regards,

TA

Doug · ‎09-03-2014

One other option is to use "Sites" mode for the network you inherited and keep everything local to just that site. The master AP at the site (no more than 32 access points per site) will send the RADIUS request to the RADIUS server that is local and accessible to that site.

Doug Hyde
Director, Technical Support / Extreme Networks

hsachse · ‎09-03-2014

Is there a trust relationship between the domains? In that case it also be possible, but never tried it. For completely independent domains/ad servers my first idea is a solution.

Here is an example for configure NPS for eduroam use:

http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Eduroam/Eduroam_in_a_Microsoft_Windows_...

You can adopt the idea for your use case.

Thiago_Almeida · ‎09-03-2014

Hi Harmut,

The AD servers are independent from each other, they're not on the same forest.

We are talking about two different physical servers on different subnets.

I can't make the RADIUS server look for two independent AD servers?

Extreme Networks

Flexible SSID (Multiple Active Directory)

Flexible SSID (Multiple Active Directory)