New Sophos Support Phone Numbers in Effect July 1st, 2023

Thread Info
  • State Suggested Answer
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 2013 views
  • Users 0 members are here
Options
Suggested

Using one SSID with multiple VLANS

Alberto Solano

Here is the scenario.

We have a client that currently has a setup with 15 SSID's. And each SSID is associated with a VLAN. It's a shared office space, with rented offices, and traffic is kept separate. However this is causing issues because there's way too much noise. Too many SSID's close to each other. 

What I'd like to know, if even possible.

  • Can we assign 1 SSID for the for the entire area.
  • And then based on the password used. Traffic is routed on the appropriate VLAN.

This can be done with Meraki.

Or maybe there's an alternate scenario that can be used in this situation.

Parents
  • 0

    Here's an outline of the process:

    1. Set up a RADIUS server:

    First, you need to set up a RADIUS server, such as FreeRADIUS, Windows Server NPS, or another RADIUS-compliant server. This server will be responsible for authenticating users and assigning them to the appropriate VLANs based on their credentials.

    1. Configure your RADIUS server:

    Create user accounts or groups on your RADIUS server, and configure the server to return a VLAN ID attribute (e.g., Tunnel-Private-Group-ID in FreeRADIUS or VLAN ID in Windows NPS) based on the user's credentials. This way, when a user authenticates, the RADIUS server will inform the access point which VLAN the user should be placed in.

    1. Configure your access points:

    On your access points or wireless controller (e.g., Meraki), create a single SSID and configure it for WPA2/WPA3-Enterprise or 802.1X authentication. Set your RADIUS server as the authentication server for this SSID.

    1. Configure your switches:

    Ensure that your switches are configured to support the various VLANs and that they are set up to use the appropriate RADIUS server for 802.1X authentication.

Reply
  • 0

    Here's an outline of the process:

    1. Set up a RADIUS server:

    First, you need to set up a RADIUS server, such as FreeRADIUS, Windows Server NPS, or another RADIUS-compliant server. This server will be responsible for authenticating users and assigning them to the appropriate VLANs based on their credentials.

    1. Configure your RADIUS server:

    Create user accounts or groups on your RADIUS server, and configure the server to return a VLAN ID attribute (e.g., Tunnel-Private-Group-ID in FreeRADIUS or VLAN ID in Windows NPS) based on the user's credentials. This way, when a user authenticates, the RADIUS server will inform the access point which VLAN the user should be placed in.

    1. Configure your access points:

    On your access points or wireless controller (e.g., Meraki), create a single SSID and configure it for WPA2/WPA3-Enterprise or 802.1X authentication. Set your RADIUS server as the authentication server for this SSID.

    1. Configure your switches:

    Ensure that your switches are configured to support the various VLANs and that they are set up to use the appropriate RADIUS server for 802.1X authentication.

Children
No Data
Unfiltered HTML