I have a question regarding Radius Server with Dynamic Vlan Assignment for SSD profiles.
Basically I would like to have Dynamic VLAN Assignment and VLAN pooling enabled. I am running 7.4.5 code version and whenever I enable Dynamic VLAN Assignment, it disabled the VLAN pooling. I did find a documentation that it is possible 7.4.1 version came that both dynamic vlan assignment and vlan pooling is possible, reference:
However; this is not working in code 7.4.5 code version. I would really like to have this feature that support vlan pooling with Radius because this setting in Cisco called RADIUS Server Overwrite interface, Meru called Radius With VLAN Pooling, allows us to have restricted access and unrestricted access at the same time based on the Network Policy server rules. This makes it easier to have users in groups tied to authentication where if a user is not allowed, will still have restricted access and allowed to have unrestricted access where server send a tag or called vlan id back to the controller to designate user in to a specific vlan.
I would like this as a feature request if any engineer see this if this is not possible or if it is possible, how to achieve it.
Thank You.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
According to the referred guide/method by you at the beginning of the conversation, you do not need to enable this option.
Please look at my config.
However, if you would like to use "VLAN assignment by FortiAP group" or "VLAN assignment by VLAN pool", you will need it. Please look at the below docs.
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/153336/vl...
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/84238/vla...
Just by having 'Dynamic VLAN assignment' enabled is enough to move hosts to the desired VLANs based on the policies in the RADIUS server. All the necessary host grouping is done through the RADIUS server policies. VLAN pooling is some basic technique to share the hosts in different VLANs just randomly to distribute the load.
When I enable Radius Server slider in the GUI and enable dynamic vlan assignment, it says vlan pooling is not available when dynamic vlan assignment is enable.
We need both dynamic vlan assignment and vlan pooling at the same time. 7.4.5 documentation says it is possible but when you actually try to enable dynamic vlan assignment, it disabled vlan pooling. If you do that in GUI, you will see it slider gets turned off.
How does this configuration work and assign vlans dynamically to the users without vlan pooling enabled as you can see in the GUI? Can you please clarify?
The original document makes no claims of this being configurable in the GUI.
As far as I can tell, this is a CLI-only situation, and you need to configure this in the CLI.
Hi,
According to the referred guide/method by you at the beginning of the conversation, you do not need to enable this option.
Please look at my config.
However, if you would like to use "VLAN assignment by FortiAP group" or "VLAN assignment by VLAN pool", you will need it. Please look at the below docs.
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/153336/vl...
https://docs.fortinet.com/document/fortiap/7.6.0/fortiwifi-and-fortiap-configuration-guide/84238/vla...
Thank You. It is clear.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.