Active directory Group policy User authentication into different Vlan's

MichelRueger
Building a reputation

Active directory Group policy User authentication into different Vlan's

Hi all,

 

I have around 50 Meraki Access Point but no MX.

We have a Microsoft Active directory Server.

We have 1 SSID (Welcome) and we have 3 different VLAN's. Now I want that if  you connect  to the Wireless you get a Splash page witch ask for Login and password and if you login with a Studen User Account (AD group Student) you will be put in VLAN 100, if you use a Teacher User Account (AD group Teacher) you will be put in Vlan 200 and if you use a Login from a internal User you will be put in VLAN 300. 

 

IS this posible and if yes how? I checked all possible Meraki doku but didn't found something.

 

Thanks for any Help

 

Michel Rueger

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

@ww is right about using RADIUS.   The solution works better if you use WPA2 Enterprise mode. 

 

With a splash page if you drop them into a new vlan there is nothing to tell the client to release their existing IP address and ask for a new one. 

 

Also note got can push per user group policy,  and have different firewall rules based on who the user is.   This does work nicely with a splash page. 

Fady
Meraki Employee
Meraki Employee

Hi 

 

I have created video to show step by step guide that you can view below

https://www.youtube.com/watch?v=mMSSfy_mIlQ&t=646s

https://www.youtube.com/watch?v=TQNgh5m5ehU

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels