This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Active directory and VLAN match

erick_muller_65
New Contributor

‎04-27-2014 09:05 PM

Is it possible to change the VLAN of a user based on his/her AD group, using guest pass, captive portal or zero-it? I know that this can be done by authenticating users via 802.1x but we want to know if there's a way to do it using other types of authentication.
1 REPLY 1

primoz_marinsek
Valued Contributor

‎04-28-2014 12:23 AM

DVLAN works by passing attributes to a RADIUS and receiving a reply of a VLAN ID called a "Tunnel-Private-Group-ID" so 1X is required to achieve that.

And you can only use 1X with the "Standard usage" or "HotSpot 2.0" Type of WLAN you create and only if choosing WPA or WPA2 (not Mixed).

That's because a user needs to authenticate before it gets an IP, so that the proper IP is given to a user, and that can only be achieved if a user is verified at Layer 2. Guest portals and such verify users at Layer 3 when a user already has an IP.
0 Kudos
Copyright © 2025 Khoros, LLC
Top

Type a product name