Roles and Policies
15.4 Configuring Derivation Rules
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
273
(scalance)(config)# wlan ssid-profile Profile1
(scalance)(SSID Profile "Profile1")# set-role mac-address-and-dhcp-options matches-
regular- expression \bring\b Profile1
(scalance)(SSID Profile"Profile1")# end (scalance)# commit apply
Understanding VLAN Assignment
You can assign VLANs to a client based on the following configuration conditions:
● The default VLAN configured for the WLAN can be assigned to a client.
● If VLANs are configured for a WLAN SSID or an Ethernet port profile, the VLAN for the
client can be derived before the authentication, from the rules configured for these
profiles.
● If a rule derives a specific VLAN, it is prioritized over the user roles that may have a VLAN
configured.
● The user VLANs can be derived from the default roles configured for 802.1X
authentication or MAC authentication.
● After client authentication, the VLAN can be derived from Vendor-Specific Attributes
(VSA) for RADIUS server authentication.
● The DHCP-based VLANs can be derived for captive portal authentication
Note
SCALANCE W supports role
derivation based on the DHCP option for captive portal
authentication. When the captive portal authentication is successful, the role derivation
based on the DHCP option assigns a new user role to the guest users, instead of the pre
-
To Next Page
Loading...
Need help?
General
