This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

One SSID, One VLan, One IP Pool, Restrict Access by Role

One SSID, One VLan, One IP Pool, Restrict Access by Role

jaden
New Contributor II

‎05-06-2016 01:23 AM

We have a requirement here.
Situation as below.

One SSID, One Vlan, One IP Pool.
Differentiate by Roles such as Role A can access between Role A, internet and internal.
Role B can only access to Internet and between Role B, means no internal.

Is there a way to do this?

Thanks.
12 REPLIES 12

Zdeněk_Pala
Extreme Employee

‎05-06-2016 04:26 AM

It is easy to accomplish that with EXtreme Control solution = NAC. In the management you will define criteria like MAC address or Username or hostname and based on that you assign the right profile. In the profile you define ACLs what such device/user can do... Single SSID design is good. Good luck.
Regards Zdeněk Pala
0 Kudos

FES
New Contributor III
In response to Zdeněk_Pala

‎05-06-2016 04:26 AM

If you have Radius-LDAP you can define de field Filter-ID attribute at the radius response, and create a rol with the same name at the Role tab.
In the VirtualNetwork tab you configure the default role, but if the radius response can find a role with the same name that the Filter-ID attribute then role asigned change.
I am not sure at all, but you can create a testing wlan
0 Kudos

jaden
New Contributor II
In response to Zdeněk_Pala

‎05-06-2016 04:26 AM

Any documentation can I refer to?
I would like to use with the Radius server too.
0 Kudos

Alexandr_P
Valued Contributor

‎05-06-2016 03:57 AM

Hello, Jaden!

I think simples way is to use authenticate roles based on MAC addresses of clients.
Like Role A - accept all for MAC addresses A, B, C.
Role B - (for example) deny dns, deny Internet gateway for MAC addresses D, E, F.

Thank you!
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN