MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.
Solved
RADIUS with multi SSID's on same AP (RADIUS Client)
Posted on 2016-08-17
Good morning Experts,
We have an Ubiquiti wireless network system, the AP's give out multiple wireless networks, each one using a different VLAN for pointing guest networks out on a separate ADSL connection, and corporate networks using another VLAN which is part of our corporate network.
I have just about managed to work out how to set up RADIUS authentication on these AP's (Clients) ... but I am wondering if it is possible to configure separate network policies and rules, for each different wireless network?
This might be a straight 'No' but I just would like someone else's opinion.
Thanks
We have an Ubiquiti wireless network system, the AP's give out multiple wireless networks, each one using a different VLAN for pointing guest networks out on a separate ADSL connection, and corporate networks using another VLAN which is part of our corporate network.
I have just about managed to work out how to set up RADIUS authentication on these AP's (Clients) ... but I am wondering if it is possible to configure separate network policies and rules, for each different wireless network?
This might be a straight 'No' but I just would like someone else's opinion.
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
4 Comments
Active 1 day ago
Of course you can do that. Just create a condition that matches your SSID for each policy. Your APs or WLC will need to send the "Called-Station" attribute which is formatted as "Client-MAC:SSID" to the RADIUS server.
If your APs or WLC supports the "NAS-ID" attribute per SSID you could use that as a condition, which is easier.
If your APs or WLC supports the "NAS-ID" attribute per SSID you could use that as a condition, which is easier.
Hi Craig,
When you say 'create a condition' do you mean create a Network Policy with the same name as the SSID?
And where would I specify the 'Called-Station' attribute? Sorry I am a complete beginner when it comes to setting up RADIUS.
Here is a screen shot of the configuration options I have on a test wireless network i set up on our AP's management console.
Thanks
When you say 'create a condition' do you mean create a Network Policy with the same name as the SSID?
And where would I specify the 'Called-Station' attribute? Sorry I am a complete beginner when it comes to setting up RADIUS.
Here is a screen shot of the configuration options I have on a test wireless network i set up on our AP's management console.
Thanks
Craig, I've done a bit more reading into this since my last comment, and found where to specify VLAN info instead.
However, when my computer connects to the network, it is not picking up the VLAN 8 which was specified. Any tips?
thanks
However, when my computer connects to the network, it is not picking up the VLAN 8 which was specified. Any tips?
thanks
Active 1 day ago
If you do VLAN assignment via RADIUS you only need one SSID. The RADIUS policy tells the WLC which VLAN to put the client on. You need to untick the VLAN ID box in the SSID config though and in some cases the WLC might need to be told to use the VLAN attributes that you configured in the RADIUS profile.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
- Virtualization
- Windows 10
- Windows Server 2016
- Windows Server 2012
- Hyper-V
- Windows, Azure, *Clustering
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance.
A concise guide to the settings required on both devices
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data.
But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month5 days, 6 hours left to enroll
670 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.