I try to find a general solution to the following problem:
Cisco WLAN environment, >50 intelligent APs, >300 WLAN User, multiple SSIDs. Behind every SSID is a different VLAN. DHCP enabled on the clients. The users standard of knowledge does not provide the means to configure their WLAN Client. Users are in an active directory.
The user must be able to connect to their VLAN without knowing the key of the corresponding SSID.
The momentary solution is an correspondingly hard konfigured WLAN Adapter with RJ45 connector which provides access to the requested SSID / VLAN.
To clarify: WLAN Adapter A -> Access to SSID A / VLAN A
WLAN Adapter B -> Access to SSID B / VLAN B
Now there are users with i.e. iPads without an RJ45 port, who should also be able to connect to their VLANs.
How can I do this?
I thought I could get a running 802.1X network based on a WLC 4402 and controlled APs, but if I enable 802.1X the old hard konfigured WLAN Adapters stop functioning because they do not support that standard. The withdrawal from service of the WLAN Adapters is not an option.
If anyone has suggestions, I would greatly appreciate.
I think the best solution to your problem would be to allow VLAN assignment via RADIUS. This way you can group users in AD and then create a policy on the RADIUS server to instruct the AP/WLC to assign a specific VLAN for that user. If you have devices that your organization does not control then it would be my recomendation to create a guest only SSID using web auth that provides Internet access only. To move forward with this solution I would recomend using either EAP-TLS or PEAP and group policy to automate the SSID configuration and certificate enrollment if needed.
Right, if we want to do dynamic VLAN assignment the only option is via RADIUS which then requires some type of EAP method for authentication. So from what I gather from the thread is that we cannot do 802.1x for authentication. This leaves us only with the option of an SSID per VLAN and a PSK for authentication. That said we can use configuration options such as HREAP and AP Groups to help keep the SSID configuration to a minimum across the network.