Scheduled maintenance on Saturday, August 8th from 7am to 10am (UTC). Licensing registrations and key activations will be unavailable during this period. More info here.
We'd love to hear about it! Click here to go to the product suggestion community
I have radius server and sophos access point and i want when user auth to the access point through the radius server to be located in specific vlan how can i do that .
As far as I know ... this is not possible.
That should be possible via SSID configuration.
As you can assign the VLAN ID as the Radius server assign them:
In reply to LuCar Toni:
This way is a static association.
I think what it's wanted is to assign a VLAN dyamically from the radius, ex: Tunnel-PVT-Group-ID = 20 where 20 is the vlan ID for the authenticated user.
I'm struglling with this situation and I think it's not possible to assign a dynamic vlan.
Still searching... :)
In reply to Paulo Cabrita:
This is possible.
Create a VLAN Interface for every VLAN your WiFi users need to access.
Create a RADIUS Server in XG and enable it in Wireless>Wireless Settings
On the RADIUS Server create Groups and Mappings for the Users and VLANs.
Find information here: https://community.sophos.com/kb/en-us/127328
and here (for VLAN assignment in RADIUS): https://www.expertnetworkconsultant.com/configuring/ieee-802-1x-authentication-and-dynamic-vlan-assignment-with-nps-radius-server/
In Wireless create a Wireless network with WPA enterprise and a default (that VLAN-Interface must exist on XG) VLAN ID.
That should be most of it.
In reply to LHerzog:
Thanks! I will take a closer look.
I think the equipment has some kind of limitation regarding the local wifi (the antenna of the firewall itself) that does not support binding with VLAN (https://docs.sophos.com/nsg/sophos-firewall/v17.0.9/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/WPNetworkEdit.html).
If so, I will have to buy another access point :(