Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VLAN Assignment of SSID using Cisco AV Pair or Dot1x ?

Hi.

I am looking to setup wireless access to 2 of my internal VLANs. I am using Cisco 1130AG, PEAP and RADIUS for the authentication as one network is for employees only and one restricted to guests only.

I was wondering which was the most recommended solution.

1. To have 2 SSIDs, with one in each VLAN with the access restricted using the Cisco AV Pair attribute in RADIUS

or

2. Use one SSID and use Dot1x and the Tunnel attribute to assign the VLAN?

This option I feel is more complicated and I am still unsure how this works in reality as the SSID itself can only be part of one VLAN????

Do I have to configure a Dot11Radio and Fastethernet interface for each intended vlan in this case?

Could someone please explain and suggest their preferred option.

Thanks.

1 REPLY
Hall of Fame Super Silver

Re: VLAN Assignment of SSID using Cisco AV Pair or Dot1x ?

You should have two ssid's one for your internal and one for guest. You should use 802.1x for your internal and your guest should be open with a Login page of some sort. You can still use dynamic vlan assignments so that your internal users who try to access the guest page will be put on the internal vlan. Of course the guest will always be placed on the guest vlan. If you have a WLC, the login page and setup is easier, because in autonomous you will have to use something like ZoneCD for guest if you want a HotSpot type wifi.

-Scott
*** Please rate helpful posts ***
178
Views
0
Helpful
1
Replies
CreatePlease to create content