One SSID with multiple VLANs on ExtremeCloud IQ Controller

SkyGazer
New Contributor

Hi

I'd like to create an SSID with multiple VLANs for a PoC using the local AAA Policy with some local users.

Let's say if the user vlan_100 connects with its password then the frames of the devices are tagged with the VLAN ID 100. If the user vlan_200 connects, then the frames are tagged with the VLAN ID 200 and so on. 

What I've done until now: 

- In OnBoard -> Local Password Repository I've created a local user

- In OnBoard -> Access Control Group I've created a group with the type "User - Username" and the Group Mode "Match Any". I've then added an entry with the username of the user that I've created in the step before

- In Configure -> Networks -> WLANs I've created a WLAN with the Auth Type WPA2-Enterprise with these settings: 

SkyGazer_0-1683810512738.png

Can someone point me to what I'm missing to make this work? Maybe a resource where a configuration like this is explained?

Thank you very much in advance. 

1 ACCEPTED SOLUTION

Ronald_Dvorak
Honored Contributor

Hi Sky,

Let's start with the VLANs > in my case untagged 100 (it's because of my lab setup) and tagged 200.

In all steps if required assign the config to the correct device profile of the AP in use.

Ronald_Dvorak_0-1683818659090.png

Then create the 2 roles with the VLANs of step one.

Ronald_Dvorak_1-1683818822838.png

Create user1 and user2

Ronald_Dvorak_3-1683819075815.png

Next we create 2 groups > add user1 to group1 and user2 to group2 

Ronald_Dvorak_2-1683818959211.png

Now the SSID

Ronald_Dvorak_4-1683819265740.png

And the last one are two rules = which result in >>>

IF group100 and SSID localAAA THEN VLAN100

IF group200 and SSID localAAA THEN VLAN200

Ronald_Dvorak_5-1683819301461.png

client connects with user1 > 

Ronald_Dvorak_6-1683819571950.png

same client uses user2 cred >

Ronald_Dvorak_7-1683819714956.png

I hope the steps are clear; if not, let me know - good luck 🙂

BR,

Ron

3 REPLIES 3

This is also something that we need in our environment

Hi Ron

that was exactly what I was looking for. Thank you very much for your help. It works exactly as I had intended. 

Cheers

Sky
