Communications and Wireless
1849387 Members
5999 Online
104044 Solutions
New Discussion

Wireless Guest Vlan

 
ERKAN_5
Occasional Advisor

Wireless Guest Vlan

Hello, we have two ProCurve420 AP and one ProCurve 2610 switch. I have build a 802.1x ms radius authentication on this devices. In the configuration there is 2 ssid and 2 vlan. vlan1 is local network, vlan2 is guest network. Guest network has only internet access. It is running now. But some of our local users are accessing the guest network. This is a problem. I want to do only one ssid and two vlan. The user should see only one ssid. The radius should make a choice for user. If the user is local user and the user caming with peap auth it should go vlan1 if it has no auth it should go vlan2.
I see some auth methods on ias and i tried non-authenticated choice but ias is requesting auth from non local users too.

Is there any way to do this?
Can we make this configuration on this devices?
9 REPLIES 9
cenk sasmaztin
Honored Contributor

Re: Wireless Guest Vlan



Dynamic VLAN assignment
enables (up to 64 VLAN IDs)on 420 access point

but don't support unauthenticaded client assign vlan

if client have your domain acount assign dynamic vlan with remote active directory rules

if any client don't have your domain acount unable connect wireless network.

how many access point on your system ?
cenk

ERKAN_5
Occasional Advisor

Re: Wireless Guest Vlan

I am sorry for my late answer. I facing up a lot of problems in a day in factory. sometimes i forget what did i do?

We have 2 Procurve 420 accesspoints.
cenk sasmaztin
Honored Contributor

Re: Wireless Guest Vlan

if use procurve switch we can solve your request on procurve switch

but unable roaming wireless client between access point

roaming is importand for you ?
cenk

ERKAN_5
Occasional Advisor

Re: Wireless Guest Vlan

Do you mean active directory roaming profile or wireless client roaming between accesspoints with roaming?

We are not using ad roaming profile. And if wireless client needs to change his place from one access point to another, he can reconnect wireless. thats not problem.

How can we do guest authentication on procurve switch?

cenk sasmaztin
Honored Contributor

Re: Wireless Guest Vlan

I talk about access point between wireless client
when wireless client change site must have disconnect and connect wireless network

many procurve switch support 8021.x protocol
802.1x a security standart for authentication and authentication domain users
if domanin user request authenticaiton for network logon switch and radius server make a decision connect or not connect client
i
f client not a domain user switch send authentication vlan (different vlan your lan)
this vlan may be guest vlan

in this way
your wired or wireless network for guest same time for staff network

connect switch port domain user switch send vlan 1
if connect unauthentication user switch send
guest vlan

please see video
http://www.dosya.tc/4Ug4xp/802.1x_dynamicvlan.rar.html


please see video

http://www.dosya.tc/4Ug4xp/802.1x_dynamicvlan.rar.html
cenk

ERKAN_5
Occasional Advisor

Re: Wireless Guest Vlan

Thank you for your suggestion. I downloaded the rar file but there is a password.

Could you type the password, please?
cenk sasmaztin
Honored Contributor

Re: Wireless Guest Vlan

sorry

xxx_123
cenk

ERKAN_5
Occasional Advisor

Re: Wireless Guest Vlan

Thats the what i am looking for.

By the way, this is a proud stuation becouse one of a turkish man is advising technical support to the world in an international place.

Thank you very much Mr. Sasmaztin.

Have a good day...



cenk sasmaztin
Honored Contributor

Re: Wireless Guest Vlan

not at all Erkan thank you very much
cenk