It wasn't particularly difficult, and many attributes, from login name, authenticator type, location, machine name, and SNMP names, can be used to differentiate and pass different vlans... just do your research on what the Cisco is looking for when passing a vlan.

As an aside, the scenario we've seen, both wired and wireless, goes like this: We have a vlan ascribed to authentication/updates only, no internet, nothing but a domain controller login conduit; then we have staff, student, lab vlans, and so forth... The clients perform machine authentication via 802.1x... the machines are placed in the auth-only vlan... then the student, staff or user logs in, and is placed in the proper vlan... the IP address is invalid and for a few moments (10-15 seconds) they get "limited or no connectivity" until Microsoft retries the DHCP requests... Having one or two SSIDs is king, and when it works, it's magic!

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Johnson, Bruce T
Sent: Friday, May 15, 2009 1:25 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users

Yes, I can imagine. Thanks for the heads-up. How hard has it been to provision via RADIUS? I am in favor of the reduced SSID load over the air. Are MAC addresses the only thing you can use to map attributes to? What about machine names?

Thanks for your feedback,

Bruce T. Johnson | Network Engineer
Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | [email protected]
________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Jason Appah
Sent: Friday, May 15, 2009 4:10 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users

Correct, but it generated a ton of support calls.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Johnson, Bruce T
Sent: Friday, May 15, 2009 12:45 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users

Is that a temporary condition until DHCP completes?

Bruce T. Johnson | Network Engineer
Partners Healthcare | Network Engineering | 617.726.9662 | Pager: 31633 | [email protected]
________________________________
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Jason Appah
Sent: Friday, May 15, 2009 3:43 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users

The only thing about that is training your users to accept the limited or no connectivity state when connecting to the assigned vlan...

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Mike King
Sent: Friday, May 15, 2009 12:04 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users

You don't mention if you're using 802.1x, but if you are, you can utilize "Vlan Override".

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml

which allows you to throw users into specific VLANs based on RADIUS return attributes. All off the same SSID.

Mike

On Fri, May 15, 2009 at 2:39 PM, Jason Appah <[email protected]> wrote:

You could still get away with that with FAT APs. That is, since they are autonomous, you could assign different vlans and in turn different IP scopes to the same SSID, as they are all unaware of each other.

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Scott Irey
Sent: Friday, May 15, 2009 11:27 AM
To: [email protected]
Subject: Re: [WIRELESS-LAN] WLAN Deployment-High number of users

Not sure if Cisco has anything like this but Aruba has vlan pooling which allows multiple vlans to be assigned to the same SSID and the algorithm will assign clients to each vlan based on that. That works well if you want to continue to broadcast the same SSID over all of campus. Not sure if Cisco does anything similar.

We have multiple profiles here (per building) all using the same SSID, but depending on what AP you associate to you will get assigned that profile, which has the vlan assignment.

Scott Irey
Network & Telecom Systems Engineer
Oakland University
Office: 248.370.2808
Mobile: 248.505.9827

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of reflect ocean
Sent: Friday, May 15, 2009 1:52 PM
To: [email protected]
Subject: [WIRELESS-LAN] WLAN Deployment-High number of users

Hi

I run a medium-sized wifi network. We are a Cisco shop (autonomous access points). Recently the number of wifi users has reached limits we didn't expect. Because of that, we had to adjust our subnet network in order to support more users associated to the only SSID our wireless network uses.

I've been looking for an alternative to create another SSID and associate it to another different subnet but I can't find any related to.

Our wireless lan is currently reaching 1000 users or so. I'm not very comfortable with the idea of having such a number of users in the wireless subnet.

We have deployed around 60 Cisco autonomous access points throughout the campus, and this subnet is firewalled and routed in our core switch, which is a hop away from accessing the Internet. It's a very simple design.

What would be a recommended deployment in this case with a growing number of users? Would deploying lwap bring any advantage to this design? We want to keep a single SSID and mobility for wireless users. Would a mesh network bring any benefit?

Thank you

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
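
The RADIUS-driven VLAN assignment discussed in this thread, as an added example that is not part of any poster's message: a policy function that returns the standard tunnel attributes (RFC 3580) used for per-user VLAN assignment, rejects unmapped identities, and flags the machine-to-user VLAN change that leaves the client on a stale DHCP lease. The VLAN IDs, role names and accounts are constructed, and the `host/` prefix check assumes Windows-style machine authentication.

```python
# Added example; VLAN IDs, roles and account names are constructed.
VLAN_BY_ROLE = {"auth-only": 10, "staff": 20, "student": 30, "lab": 40}
ROLES = {"asmith": "staff", "bjones": "student"}  # stand-in for a directory lookup


def classify(user_name, roles=ROLES):
    """Map a RADIUS User-Name to a role, or None when it is unknown."""
    # Windows machine authentication presents the identity as host/<fqdn>;
    # a machine alone only earns the authentication/updates VLAN.
    if user_name.lower().startswith("host/"):
        return "auth-only"
    # Accept DOMAIN\user and user@realm forms.
    bare = user_name.split("\\")[-1].split("@")[0].lower()
    return roles.get(bare)


def access_reply(user_name, roles=ROLES):
    """Build the reply; identities without a mapped role are rejected."""
    role = classify(user_name, roles)
    if role not in VLAN_BY_ROLE:
        return "Access-Reject", {}
    return "Access-Accept", {
        "Tunnel-Type": 13,          # VLAN
        "Tunnel-Medium-Type": 6,    # IEEE 802
        "Tunnel-Private-Group-ID": str(VLAN_BY_ROLE[role]),
    }


def walk_session(identities, roles=ROLES):
    """Replay successive authentications from one client.

    Returns (identity, vlan, stale_lease) tuples; stale_lease is True when
    the VLAN changed, i.e. the client still holds the previous VLAN's
    address and shows "limited or no connectivity" until DHCP is retried.
    """
    out, current = [], None
    for ident in identities:
        code, attrs = access_reply(ident, roles)
        if code == "Access-Reject":
            out.append((ident, None, False))
            continue
        vlan = int(attrs["Tunnel-Private-Group-ID"])
        out.append((ident, vlan, current is not None and vlan != current))
        current = vlan
    return out


if __name__ == "__main__":
    for row in walk_session(["host/lab-pc-07.example.edu", "EXAMPLE\\bjones"]):
        print(row)
```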
