FlexConnect - Dynamic VLAN Assignment with RADIUS Server


Dynamic VLAN Assignment with RADIUS Server

In most WLAN systems, each WLAN has a static policy that applies to all clients associated with a Service Set Identifier (SSID), or WLAN in the controller terminology. Although powerful, this method has limitations, because it requires clients to associate with different SSIDs to inherit different QoS and security policies.

However, the Cisco WLAN solution supports identity networking. This allows the network to advertise a single SSID, but allows specific users to inherit different QoS or security policies based on the user credential.

Dynamic VLAN assignment is one such feature: it places a wireless user into a specific VLAN based on the credentials supplied by the user. A RADIUS authentication server, such as Cisco Secure ACS or ISE, handles the task of assigning users to a specific VLAN.

Prior to this release, dynamic VLAN assignment in FlexConnect branch deployments was possible based on VLAN ID or VLAN Name for central switching WLANs, but based on VLAN ID only for local switching WLANs. This release introduces VLAN Name Override for FlexConnect local switching WLANs as well.

VLAN Name Override Overview

The VLAN Name Override feature is useful in deployments where a single central RADIUS server authenticates multiple branches. With hundreds of different branches, it becomes very difficult to standardize VLAN IDs across all sites. Such deployments need a configuration in which a unique VLAN Name is mapped locally to a VLAN ID, and that VLAN ID can differ from one branch location to another.

This design involving different VLAN IDs across different sites is also useful from the sizing and scaling perspective to limit the number of clients per Layer 2 broadcast domain.
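The name-to-ID resolution described above can be modelled as follows. This is an added example, not code from the original post or from Cisco: it parses the attribute section of an Access-Accept (the bytes after the 20-byte RADIUS header), resolves the returned VLAN name per branch, and audits which names a branch has left unmapped. It assumes the VLAN is carried in the standard tunnel attributes of RFC 2868 / RFC 3580 and that an unmapped name falls back to the WLAN's default VLAN; the site names, VLAN names and IDs are constructed.

```python
# Added example with constructed data; attribute numbers per RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6
def attr(atype, value):  # encode one attribute: type, length (incl. header), value
    return bytes([atype, len(value) + 2]) + value

def parse_attributes(data):
    """Walk the type-length-value attribute section of a RADIUS packet."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def vlan_from_accept(data):
    """Return the Tunnel-Private-Group-ID string, or None if no VLAN is assigned."""
    attrs = parse_attributes(data)
    kind = int.from_bytes(attrs.get(TUNNEL_TYPE, b"")[1:4], "big")
    medium = int.from_bytes(attrs.get(TUNNEL_MEDIUM_TYPE, b"")[1:4], "big")
    if (kind, medium) != (TYPE_VLAN, MEDIUM_802):
        return None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    group = group[1:] if group and group[0] <= 0x1F else group  # optional tag octet
    return group.decode("ascii") or None

def resolve_vlan(value, site_map, default_vlan):
    """A numeric value is a VLAN ID; a name is looked up in this site's own map."""
    if value and value.isdigit():
        return int(value)
    return site_map.get(value, default_vlan)  # assumption: unmapped -> WLAN default

def unmapped_names(radius_names, sites):
    """Audit: names the RADIUS server can return that a site has not mapped."""
    missing = {s: sorted(set(radius_names) - set(m)) for s, m in sites.items()}
    return {s: names for s, names in missing.items() if names}

# Constructed sample data: two branches map the same names to different VLAN IDs.
SITES = {"branch-a": {"Marketing": 10, "Engineering": 20},
         "branch-b": {"Marketing": 110}}
ACCEPT = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
          + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"Marketing"))

if __name__ == "__main__":
    for site, mapping in SITES.items():
        print(site, resolve_vlan(vlan_from_accept(ACCEPT), mapping, default_vlan=1))
    print("unmapped:", unmapped_names(["Marketing", "Engineering"], SITES))
```

Running the audit against every branch's mapping before the RADIUS policy goes live shows where an authorized user would end up outside the intended segment.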
