Community discussions

MikroTik App
 
pe1chl
Forum Guru
Forum Guru
Topic Author
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

WPA2-EAP and VLAN via RADIUS

Fri Mar 25, 2022 3:59 pm

When configuring WPA2-EAP using a RADIUS server, on other manufacturer's equipment it is possible to pass a VLAN number by returning RADIUS responses like this:
                       Tunnel-Type = "VLAN",
                        Tunnel-Medium-Type = "IEEE-802",
                        Tunnel-Private-Group-id = "62"
In this case the user will get an untagged connection which is tagged with VLAN 62 on the ethernet/bridge side.
It is possible to have different VLANs for different (groups of) users. Of course it may be necessary to pre-configure the used VLANs in several other devices in the network.

It appears that MikroTik supports this mechanism for Dot1X on switchports, but I see no mention of it in the Wireless documentation.
Is it somehow possible to use this with Wireless (WPA2-EAP) users?

Who is online

Users browsing this forum: Nullcaller, Rox169 and 30 guests