Hello,
I have a question about Meraki switches and RADIUS.
We have NPS RADIUS and Cisco switches (2960), and today we have a configuration under NPS with a Tunnel-Pvt-Group-ID with the name (random01), and we have 4 floors.
When a client connects to floor 1, we assign VLAN 101.
When it connects to floor 2, we assign VLAN 102, and so on!
(Dynamically assign VLAN)
There is only one policy under NPS, with the random01 attribute, and it is the same for all the floors.
On the 2960 switch we have configured the proper VLAN locally, and the correct VLAN is assigned based on the floor.
Is it possible to do exactly the same dynamic VLAN assignment with Meraki switches and the right configuration in the Meraki cloud?
Must we have the beta 15 version on the Meraki switches to achieve this?
/Alex
I believe you'll need to use the VLAN-ID instead of the VLAN-name on Meraki switches. You could rewrite your access rule in NPS to reflect the number. That will work on the 2960 switches too.
But then we will have a problem with our NPS RADIUS.
Our clients are in one domain group and we have no separation of clients per floor.
If we have 3 or 4 policies in NPS, then we will have confusion because the RADIUS won't know which policy to apply to our clients!!
The dynamic VLAN assignment through tunnel-private-group-id is an authorization result, not a matching criterion.
I would assume you are matching your clients correctly, but you should change the authorization result to a number instead of a name so the switches will then apply the VLAN ID number instead of the name.
Yes, it is possible:
https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)
Yes, but we will have only one RADIUS role with one attribute under the tunnel group ID (random01, for example), and then based on the floor we will assign the proper VLAN.
We will not have a lot of RADIUS rules with tunnel group IDs for all our VLANs!!!
Have you read the documentation? Read it first. 😉
Thank you for your answer!
I have read it!
If you mean the section Dynamic VLAN Assignment, this only describes how we can do it with a specific VLAN, for example 500.
But I don't do this!!! You can check my previous post here!!
Nope, I'm talking about other RADIUS attributes that you can use.
Or you can use regex on NPS to filter it.
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-crp-reg-expressions
Hmm! Nice tips!!!
I can check it yes!!
Thank you again!
Just installing the Beta 15 is not enough. This feature is still in closed beta. I also wanted to try it and sadly it's not yet publicly available.