VLANs (Static & Dynamic)

STATIC VLANs

First, configure a WLAN by going to Network > WLANs, then select Tagged in the VLAN section to configure a static VLAN for your network.  Enter your VLAN ID and make sure the same VLAN is tagged on your switch port.

By default, a WLAN is set to Untagged, meaning it does not use VLANs.

Customers may have already deployed VLANs on their network and you can tie this WLAN (SSID) to a specific VLAN.

VLAN POOL

When VLAN Pool is enabled on your WLAN, clients are assigned IPs from any of the VLANs listed in the pool.  The VLAN is selected randomly, based on a MAC hashing algorithm performed by the cloud/AP.

DYNAMIC VLANs

Configuring a WLAN using dynamic VLANs allows you to assign different users to different VLANs depending on the password provided when connecting to the SSID.

Things you will need:

  • RADIUS server with the username/password and VLAN assignments configured
  • Switch connected to the AP configured with the correct VLANs

Setting up a RADIUS server for Dynamic VLANs:

In this example we are configuring a FreeRADIUS server.  In the /etc/freeradius folder (/etc/freeradius/3.0 for FreeRADIUS 3.0) we will edit two files to configure a dynamic VLAN setup.

In clients.conf, specify the network from which client requests will come in, and a secret for that network.  We have 10.0.0.0/18 as our network and ‘secret’ as our secret.

In users, define the usernames and passwords for login, as well as the VLAN to be associated with each username.  There are two VLAN types you may assign: Airespace or Standard (Tunnel-Private-Group-ID).  For Tunnel-Private-Group-ID, simply provide the VLAN ID.  For Airespace, provide an Interface Name.  The VLAN ID that matches each Interface Name will be defined in the Mist UI.  Here, we have two users on Standard and two users on Airespace.  Note that you may only use one type per SSID.
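The two files described above could look as follows. This is an added example, not the original page's configuration: the network and secret are the values given in the text, while the client name, usernames, passwords, VLAN IDs and interface names are constructed, and the Tunnel-Type and Tunnel-Medium-Type lines are an assumption (the standard RFC 3580 companions to Tunnel-Private-Group-Id).

```conf
# ---- clients.conf ----
# Network that RADIUS requests come from, and the secret for it.
# "mist_aps" is a made-up client name.
client mist_aps {
    ipaddr = 10.0.0.0/18
    # "secret" is the demo value used on this page. For a real deployment
    # use a long random string and enter the same value in the Mist WLAN.
    secret = secret
}

# ---- users ----
# All usernames, passwords, VLAN IDs and interface names are constructed.

# Standard VLAN type: the reply carries the VLAN ID itself.
alice   Cleartext-Password := "alice-pass"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "10"

bob     Cleartext-Password := "bob-pass"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "20"

# Airespace VLAN type: the reply carries an Interface Name; the VLAN ID
# behind each name is assigned later in the Mist UI.
carol   Cleartext-Password := "carol-pass"
        Airespace-Interface-Name = "staff"

dave    Cleartext-Password := "dave-pass"
        Airespace-Interface-Name = "guest"
```

Because only one VLAN type may be used per SSID, alice and bob would authenticate on a WLAN set to Standard, and carol and dave on a separate WLAN set to Airespace.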

Once these two files are configured, start your RADIUS server and move on to the Mist Dashboard configuration.

Setting up Dynamic VLANs on the Mist Dashboard:

Navigate to Network > WLANs to create a new WLAN.  Select WPA-2/EAP (802.1X) as the security type.  Scroll down and find the RADIUS Authentication Servers section, where you will enter the IP of your RADIUS server and the secret (defined in clients.conf).

Scroll down and, in the VLAN section, select Dynamic.  Here, you may select either Airespace or Standard as your VLAN type.  For Standard VLAN, enter all of the VLAN IDs defined in the users file on your RADIUS server.

For Airespace VLAN, enter the Interface Names defined in the users file, and in the left column, assign the desired Dynamic VLAN to match each Interface Name.

Make sure your switch has the correct VLANs configured for your connected APs.  Now, when users connect to this SSID, they will be put on a specific VLAN depending on the username/password they enter.