cancel
Showing results for 
Search instead for 
Did you mean: 

Active directory and VLAN match

erick_muller_65
New Contributor
Is it possible to change the VLAN of a user based on his/her AD group, using guest pass, captive portal or zero-it? I know that this can be done by authenticating users via 802.1x but we want to know if there's a way to do it using other types of authentication.
1 REPLY 1

primoz_marinsek
Valued Contributor
DVLAN works by passing attributes to a RADIUS and receiving a reply of a VLAN ID called a "Tunnel-Private-Group-ID" so 1X is required to achieve that.

And you can only use 1X with the "Standard usage" or "HotSpot 2.0" Type of WLAN you create and only if choosing WPA or WPA2 (not Mixed).

That's because a user needs to authenticate before it gets an IP, so that the proper IP is given to a user, and that can only be achieved if a user is verified at Layer 2. Guest portals and such verify users at Layer 3 when a user already has an IP.