Meraki

Community

Same tunnel-private-group-id assign different VLAN

AlexP1
Conversationalist
‎Nov 24 2022 12:08 PM
‎Nov 24 2022 12:08 PM

Same tunnel-private-group-id assign different VLAN

Hello, 

 

I have a question with meraki switches and Radius. 

 

We have NPS Radius and cisco switches(2960) and today we have a configuration under NPS with a tunnel pvd group id with name (random01) and we have 4 floors.

When a client connect to floor 1 we assign a VLAN 101.

When connect to floor 2 assign VLAN 102 and so on!

(Dynamically assign VLAN) 

 

The policy under NPS is only one with the random01 attributre, and is the same for all the floors.

From the 2960 switch locally we have configured the properly VLAN, and based on the floor assign the correct VLAN.

 

Is it possible to do exactly the same dynamic VLAN assigmnent with Meraki switches and right configuration in meraki cloud??

 

Must we have the beta 15 version in meraki switches to achieve this?? 

 

/Alex 

Labels:
0 Kudos
11 Replies 11
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 12:20 PM
‎Nov 24 2022 12:20 PM

I believe you'll need to use the VLAN-ID instead of the VLAN-name on Meraki switches.  You could rewrite your access rule in NPS to reflect the number.  That will work on the 2960 switches too.

In response to GIdenJoe
AlexP1
Conversationalist
‎Nov 24 2022 12:28 PM
‎Nov 24 2022 12:28 PM

But then we will have problem with our NPS Radius.

Our client is in one domain group and we have no separation per floor with clients.

If t we have 3 or 4 policys in NPS then we will have confuse because the Radius wont know with policy will apply to our clients!! 

0 Kudos
In response to AlexP1
GIdenJoe
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 12:42 PM
‎Nov 24 2022 12:42 PM

The dynamic VLAN assignment through tunnel-private-group-id is a authorization result, not a matching criterium.

I would assume you are matching your clients correctly but you should change the authorization result to a number instead of a name so the switches will then apply vlan id number instead of name.

alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 12:24 PM
‎Nov 24 2022 12:24 PM

Yes, It is possible:

 

 

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
AlexP1
Conversationalist
‎Nov 24 2022 12:33 PM
‎Nov 24 2022 12:33 PM

Yes but we will have only one Radius role with one attribute under the tunnel group id, (random01 for example ) and then based on floor we will assign the properly VLAN.

 

We will not have a lot of Radius rules with tunnel group id all our VLANs!!!

 

0 Kudos
In response to AlexP1
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 12:37 PM
‎Nov 24 2022 12:37 PM

Have you read the documentation? Read it first. 😉

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
AlexP1
Conversationalist
‎Nov 24 2022 12:54 PM
‎Nov 24 2022 12:54 PM

Thank you for your answer!

I have read it!

If you mean under the section Dynamic VLAN Assignment this only describe how can we do with a specifically VLAN, for example 500. 

But i dont do this!!! You can check my previous post here!! 

 

 

 

0 Kudos
In response to AlexP1
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 1:06 PM
‎Nov 24 2022 1:06 PM

Nope, I'm talking about other Radius attributes that you can use.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 1:16 PM
‎Nov 24 2022 1:16 PM

Or you can use regex on NPS to filter it.

 

https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-crp-reg-expressions

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
AlexP1
Conversationalist
‎Nov 24 2022 1:37 PM
‎Nov 24 2022 1:37 PM

Hmm! Nice tips!!!

I can check it yes!!

 

Thank you again! 

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Nov 24 2022 1:44 PM
‎Nov 24 2022 1:44 PM

Just installing the Beta 15 is not enough. This feature is still in closed beta. I also wanted to try it and sadly it's not yet publicly available.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.