vSZ 5.1 apply User Role to SSID(s) to allow access
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2019 07:26 AM
We are finding it somewhat difficult to setup User Roles on vSZ 5.1 and assign them specific WLANs. For example, we would like a group of students to only access the Student-BYOD WLAN and Staff to access the STAF-BYOD.
It would seem this is not possible in vSZ as i have been stuck with this problem for the last 2 years unless i've completely missed it.
On the ZD1200 it can be found under Services & Profiles > Roles. In the vSZ, looking under Clients > User & Roles it's a completely different thing.
Can someone tell me where the image below can be configured in vSZ:
As you can see on the ZD, testing a user against AD and against Roles, the ZD knows what ROLE to give the user.
When i try to test the AAA AD server i've setup on the vSZ i get the follow message against a test user:
I've tried my best to find the ROLES as on the ZD1200 so i'm now left with the message "The user will not be assigned to any roles."
Can somebody / anybody tell me where to configure the roles just like on the ZD1200.
Thanks
It would seem this is not possible in vSZ as i have been stuck with this problem for the last 2 years unless i've completely missed it.
On the ZD1200 it can be found under Services & Profiles > Roles. In the vSZ, looking under Clients > User & Roles it's a completely different thing.
Can someone tell me where the image below can be configured in vSZ:
As you can see on the ZD, testing a user against AD and against Roles, the ZD knows what ROLE to give the user.
When i try to test the AAA AD server i've setup on the vSZ i get the follow message against a test user:
I've tried my best to find the ROLES as on the ZD1200 so i'm now left with the message "The user will not be assigned to any roles."
Can somebody / anybody tell me where to configure the roles just like on the ZD1200.
Thanks
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-04-2019 09:13 AM
Hi Tim, sorry for the confusion. This is not supported currently on SZ--at least, not supported from the SZ's enforcement perspective. We have had many customers solve this by using AAA policies on the AAA server, using the WLAN attribute sent in the RADIUS request to allow/deny roles based on this input.
thanks,
Marcus
thanks,
Marcus
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-21-2019 05:51 AM
Marcus can you explain how to send the WLAN attribute in the Radius request?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2019 01:12 PM
Hey Tim, sorry for the late reply here. Sorry if you've already sorted this out.
On the WLAN settings, configure a user-defined NAD ID (RADIUS options). This NAS ID is sent in RADIUS requests to the RADIUS server.
On the RADIUS side, configure a policy allowing (or denying) user groups based on the NAS ID matching your configured definition on SZ. In the authentication exchange, this NAS ID is used as a match condition to allow/deny certain user groups.
On the WLAN settings, configure a user-defined NAD ID (RADIUS options). This NAS ID is sent in RADIUS requests to the RADIUS server.
On the RADIUS side, configure a policy allowing (or denying) user groups based on the NAS ID matching your configured definition on SZ. In the authentication exchange, this NAS ID is used as a match condition to allow/deny certain user groups.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2023 09:25 AM
Please help me,
I want configuration NAS ID on NPS windows Server.
Can you guide me to configure it ?