Dynamic Vlan Assignment

AbertayAbertay
in WiFi - Cloud Managed

Hi,

Has anyone managed to get dynamic vlan assignment working with cloud WiFi and Radius (Clearpass in this case). If i setup the site to use SSID assigned VLANS they all work individually, but if i set it to assign VLAN dynamically it just sets it to untagged and no IP is assigned.
I've configured clearpass to send IETF type 81 and the VLAN to the various ones available, but it seems to be ignoring it.
Are there any other values i need to be sending back?

RADIUS Response
Radius:IETF:Filter-Id Test
Radius:IETF:Tunnel-Private-Group-Id 50

thanks

--
WatchGuard M4800 (x2 Cluster)
WatchGuard M690 (x2 Cluster)
Firmware : 12.10.4

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Abertay

    The only RADIUS server I've specifically configured for this is NPS.

    If you take a look at the bottom of the article here:
    https://techsearch.watchguard.com/KB/WGKnowledgeBase?SFDCID=kA22A000000HQJ7SAO&type=KBArticle

    this shows what the access-accept must look like in order for that feature to work. If your RADIUS server isn't providing the highlighted data in that screenshot, dynamic VLANs won't work.
    You didn't include the AVP (attribute value pairs) - those must be the correct value or they will be ignored.

    If you're not getting anywhere with that and/or you've verified they're correct, I'd suggest opening a support case.

    -James Carson
    WatchGuard Customer Support

  • AbertayAbertay

    Thanks James, I've got all those options enabled now, but not luck. Have raised a case with support.
    Radius:IETF:Framed-Protocol 1
    Radius:IETF:Service-Type 2
    Radius:IETF:Tunnel-Medium-Type 6
    Radius:IETF:Tunnel-Private-Group-Id 50
    Radius:IETF:Tunnel-Type 13

    --
    WatchGuard M4800 (x2 Cluster)
    WatchGuard M690 (x2 Cluster)
    Firmware : 12.10.4

Sign In to comment.