Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

dynamic VLAN not working with RADIUS

Posted on 2016-08-22
3
Medium Priority
?
110 Views
Last Modified: 2016-08-23
Hi Experts,

I have a RADIUS NPS running on Windows Server 2012, and have configured this to work with 802.1X wireless.

I've got to the point where a user needs to be in the relevant security group in AD in order to connect to the wireless network; so I know that authentication is working.

However I then proceeded to specify VLAN information in the Network Policy, as below, but when I connect a windows 7 laptop to this network, while being logged in as an authenticated user, this connects fine but does not use the VLAN I have specified.

Network Policy
VLAN 8 on our switches, has its own IP Helper Address, which points to an ADSL router on that VLAN... so this should then use a separate internet connection.. but it is not using VLAN 8 at all.. it continues to use a native VLAN 1 ... and the computer uses our corporate network internet connection.

Any tips?

thanks
Nathan
0
Comment
Question by:Nathan Lindley
  • 2
3 Comments
 
LVL 47

Expert Comment

by:Craig Beck
ID: 41765216
Is your WLC honouring the VLAN ID that the RADIUS is sending?  You need to tell the WLC to apply a VLAN ID that is dictated by RADIUS, rather than what you have set on the SSID.
0
 

Author Comment

by:Nathan Lindley
ID: 41765251
Hi Craig,

I am using a Cisco WAP4410N with 2.0.7.4 firmware. I am not too sure where I would specify this on here.. I'll attach some screenshots?

setup-advanced.PNG
wireless-connection-control.PNG
wireless-security.PNG
wireless-VLAN-and-QOS.PNG

Thanks
0
 
LVL 47

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 41766810
Hmm, so unfortunately the WAP4410N doesn't support dVLAN assignment.  It's a small-business AP so Cisco kindly restricted its feature-set. :-(
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question