CommScope RUCKUS Community Forums

kyle_gatlin · ‎08-23-2016

Does this mean specifically support for 802.1x services or .1x like services?

nicolas_maton · ‎08-23-2016

Dynamic vlans are attributed by radius or DPSK.

Dynamic PSK (one time passwords you can create in the ZD or VSZ)
Or you can let a user login with a username and password that is checked agains a radius server. If this user has a specific vlan attribute assigned to it's account, the controller will connect the wifi client to the destined vlan.

kyle_gatlin · ‎08-23-2016

I understand the latter (802.1x) on a switch and how that configuration looks on an interface used for physical connectivity. When u sing 802.1x for Wireless would you still configure the switchport facing an AP the same way?

Or do you still have a management VLAN, an access VLAN, and the wireless controller itself has a separate VLAN database?

Curious as to how this works in an environment where the AP switches traffic across the network normally instead of tunneling to the Director.

michael_brado · ‎08-23-2016

If you maintain a separate management VLAN for your ZD and APs, that's normal and best practice.

You need to support the default VLAN of the 802.1x WLAN that you define, *and* the additional VLAN(s) you want the user Role to specify.

The new 'Dynamic VLAN' is assigned to the client by their authentication, then a COA or DM, will disconnect the client who immediately is
re-associated and assigned to the specified new VLAN. Client DHCP request goes out on that VLAN, etc from there.

CommScope RUCKUS Community Forums

What does Ruckus mean specifically when it says it supports "Dynamic VLANs"?