
One SSID, One VLAN, One IP Pool, Restrict Access by Role

jaden
New Contributor II
We have a requirement here.
The situation is as below.

One SSID, one VLAN, one IP pool.
Differentiate by roles, such that Role A can access between Role A, the Internet and internal.
Role B can only access the Internet and between Role B, meaning no internal.

Is there a way to do this?

Thanks.
12 REPLIES

So, in this case you have to use RADIUS/TACACS+, NAC and so on
(to have some condition on which to map some role).

Thank you!

jaden
New Contributor II
It's impossible to authenticate with MAC addresses as there will be Role B, C, D and so on.
Tenants may come and go, so this will be a lot of work.

André_Herkenrat
Extreme Employee
The keyword for this is "OnePolicy". Based on the role, the client gets its own policy and can access exactly the targets you want. The only things you need are a wireless controller, several APs and a RADIUS server. When you use Extreme Control (formerly NetSight and NAC), you can do this very easily.

/André

Is there any configuration example I could study?
It would help me understand faster, as I haven't configured any policy yet.

Also, it could be configured in the OneView Policy sector, right?

Christopher_Dav
New Contributor II
Hmm. Is there a reason you have to have one VLAN and IP pool? If you were able to break from that you could use NPS like this: https://community.extremenetworks.com/extreme/topics/one-ssid-redirect-to-two-different-vlans Outside of that... I'd say you'd have to implement 802.1X and maybe use NAP. https://technet.microsoft.com/en-us/network/bb545879.aspx For anything more specific, let me know. Good luck!!