12-05-2006 06:53 AM - edited 07-03-2021 01:19 PM
Is there any way to dynamically assign a VLAN when a guest user associates with an AP?
Using Wireless lan controller.
I understand this is possible using ACS to assign the vlan dynamically but that requires a username and password to be input.
What I have in mind is for guest access but for each "guest" to be put into a separate VLAN without them having to configure any settings.
12-05-2006 10:38 PM
Hello Ross,
There is a solution called AP Group VLAN, and this will cause all clients on the APs in the group to be assigned to a certain VLAN. Explained in detail here:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml
But this requires two different sets of APs. Otherwise you will need to use the AAA Override feature, which, as you mentioned, requires a username/password.
Hope this helps.
Regards,
Aaron
12-06-2006 01:27 AM
Thanks Aaron.
It's not quite what we are looking for though.
We want each guest user to be put into their own separate VLAN: the first user would go in VLAN 11, user 2 would go in VLAN 12, user 3 would go in VLAN 13, etc.
12-06-2006 01:56 AM
Hi Ross,
You can configure something like AAA override where, as per the user identity, the VLAN will be assigned via the RADIUS server.
Suppose your user with the name XXX logs in: it will check the RADIUS server, and if the RADIUS server is configured to return the interface name, it will return this as an attribute, and if that interface is created on your controller and mapped to some VLAN, your user XXX will be assigned to that VLAN only.
Check this link for more details
http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig40/c40sol.htm#wp1124844
HTH
Ankur
12-06-2006 12:57 PM
Besides VLANs, if all you're looking for is LAN segmentation (guest user isolation), you can enable one VLAN to use Public Secure Packet Forwarding under the VLAN services tab on your APs. Each client is then fully segmented. As per Cisco's docs on the matter:
Public Secure Packet Forwarding
Public Secure Packet Forwarding (PSPF) prevents client devices associated to an access point from inadvertently sharing files or communicating with other client devices associated to the access point. It provides Internet access to client devices without providing other capabilities of a LAN.
No exchange of unicast, broadcast, or multicast traffic occurs between protected ports. Choose Enable so that the protected port can be used for secure mode configuration.
PSPF must be set per VLAN.
Note: To prevent communication between clients associated to different access points on your wireless LAN, you must set up protected ports on the switch to which your access points are connected.
/gjr
12-07-2006 01:20 AM
You can create a VLAN, map an SSID to that VLAN, and disable authentication for it for guest users.