RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs

Unanswered Question
May 14th, 2009

Could someone please tell me is this 100% correct?

"RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs"

Any ideas why? Does anyone have a way around this?

As a workaround I was thinking of setting up one broadcast SSID for guests and one non-broadcast SSID for RADIUS assigned VLANs, however i'd prefer to have both broadcast due to numerous Vista and PDA connection issues.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
patoberli Thu, 05/14/2009 - 00:59


here, on a Wlan Controller 4.2 based solution, is that Radius feature working.

It's important that you select the option "Allow AAA Override" in the SSID.

And on the Radius you need to set:

[064] Tunnel-Type

Tag 1 Value VLAN

[065] Tunnel-Medium-Type

Tag 1 Value 802

[081] Tunnel-Private-Group-ID

Tag 1 Value [the number of the VLAN]

Then you could even use the same SSID to assign the users into different VLANs ;)

But you need to have all VLANs configured as a virtual interface.



mikedelafield Thu, 05/14/2009 - 23:45


Thanks for your reply.

That is what I would like to do; have one SSID and assign the users to different VLANs based on policy.

I have all the VLANs and subinterfaces set up correctly and working independently, but the VLAN assigment does not seem to work correctly.

If I do a "show dot11 association all-client" the RADIUS attribute appears to have altered the VLAN, but the device has no connectivity and cannot DHCP.

This is with 1130AG in autonomous mode and Microsoft IAS as RADIUS.

Apparently there may be a problem with mbssid and RADIUS assigned VLANs.

patoberli Fri, 05/15/2009 - 00:23

I forget to add, I have all VLANs also as it's own SSID. This whole Radius assignement is more a protection issue in case the person tries to assign to the "wrong" ssid. But I do spread, in my case 4 VLans, all VLans also in their own SSID (3 of them hidden, one for the masses, public). Maybe you need to do that too.



This Discussion



Trending Topics - Security & Network