Thursday, March 2, 2017

Dynamic VLAN Assignment by RADIUS on WiNG

The VLAN for wireless users can be assigned statically on each WLAN. In the example below, VLAN 11 is assigned to the WLAN named test1. This is the basic way of assigning a VLAN to a WLAN: no matter which user joins the WLAN, the same VLAN is assigned to the wireless users.




However, many customers want to have only one SSID but still classify the VLAN according to the AD group to which the wireless user belongs. In that case, the VLAN can be assigned dynamically, according to the group that includes the wireless user, by using the RADIUS attribute named Tunnel-Private-Group-ID. On WiNG OS, “Allow RADIUS Override” must be checked, as shown below, for dynamic VLAN assignment by RADIUS attribute.




Tunnel-Private-Group-ID should be configured on the Windows NPS server; a different Tunnel-Private-Group-ID can be assigned to each group configured in Active Directory.

The figures below show how to deploy dynamic VLAN assignment on Windows Server 2012.
The NPS server has a policy for each AD group, and the AD group is defined in the condition field of the NPS policy.

[ NPS policy ]


[ Condition to match specific policy ]


The settings field of the NPS policy carries the Tunnel-Private-Group-ID, which is the VLAN ID of the wireless user.


[ Assign specific vlan ID by tunnel-private-group-ID ]


