Tue, Dec 22, 2015 9:54 PM

Cloudpath/Radius server with vlan pooling, can it be done?

We will be on-boarding staff, student and guest personal devices using Cloudpath. We currently have over 2,500 student personal devices and I would rather not place them all in a single vlan which would create a lot of broadcast traffic.

I want to create a vlan pool consisting of eight /23 vlans. A /23 vlan yields about 500 IP addresses with eight of them giving me 4,000 addresses I can hand out to student personal devices. A /23 is nice and small to cut down on broadcast traffic and keep performance optimal. I then want students to authenticate via Cloudpath and be placed in this vlan pool.

This can already be done with Aruba
http://goo.gl/PvX5OU

Can I do this with Cloudpath and Ruckus?

Responses

333 Messages

5.1K Points

5 years ago

You could use Loopback interfaces:
interface GigabitEthernet0/0.101
 description student WiFi
 encapsulation dot1Q 101
 ip unnumbered Loopback10
 ip helper-address 10.10.10.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map cloudpath
 no cdp enable
and repeat for as many VLANs as you are using

116 Messages

2.3K Points

5 years ago

What you have described is a bit out of my area of expertise. I am a bit foggy on how the interaction between a RADIUS server and the Ruckus controller works, but this is my best guess. I believe a RADIUS server can easily return an attribute that indicates that this is a student personal device trying to authenticate to the network. What I am not sure is possible is the Ruckus controller taking that attribute and placing that device/student in a VLAN pool as defined in the controller. The attribute can be used to place the student/device in a single VLAN, but I want the student/device placed in a VLAN pool.

Exactly how would using a loopback interface help in this regard?

26 Messages

470 Points

3 years ago

I know this is old but I can't find an answer. Is it possible to send back a DHCP pool from Cloudpath?

6 Messages

136 Points

3 years ago

I believe if you have DHCP pooling configured on the vSZ and you return a null value from the RADIUS server for the VLAN, the controller will place users in different VLANs as expected. You may run into issues when trying to configure multiple pools on a per-role basis.

22 Messages

582 Points

2 years ago

VLAN Pool can be returned via a RADIUS VSA

6 Messages

136 Points

2 years ago

Abhi,

Can you expand on your response, please? What is the attribute used?

Thanks,

Nathan

22 Messages

582 Points

2 years ago

Hi Nathan,
I misspoke; while SZ does support the VLAN pool VSA 'Ruckus-Vlan-Pool', that is not yet added on Cloudpath. I will raise a request and get this added in the next release.

6 Messages

136 Points

Abhi,

From what version of SZ is this reported? I literally just had a TAC case requesting this information.  Thanks for the info, I'm excited to try this out.

Cheers!

26 Messages

470 Points

I am doing this now with our SZ100 and hosted Cloudpath.  I have several user roles (StudentBYOD for example) on the SZ which assigns the VLAN Pool that I want.  In my Cloudpath workflow under Policy - Radius Attributes I specify that user role name in the Filter ID field.

22 Messages

582 Points

Nathan,
I pulled this from the 5.0 AAA guide on the support portal. Also, John makes a good point: while the VLAN pool VSA is not directly available, it can be packaged within the role attribute.
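
The Filter-Id approach described in the last two replies, as an added sketch that is not code from the thread, Cloudpath or SmartZone: a RADIUS Access-Accept carries the role name in Filter-Id (attribute type 11, RFC 2865), and the controller side resolves that role to a VLAN pool. The role name `StudentBYOD` comes from the thread; the VLAN IDs, the fallback VLAN and the MAC-hash selection within the pool are assumptions made for illustration, not documented controller behaviour.

```python
import struct
import zlib

FILTER_ID = 11  # RFC 2865 attribute type for Filter-Id
# Constructed controller-side table: role name -> VLAN pool (hypothetical VLAN IDs).
ROLE_POOLS = {"StudentBYOD": [101, 102, 103, 104, 105, 106, 107, 108]}
DEFAULT_VLAN = 999  # hypothetical fallback when the reply names no known role


def build_access_accept(identifier, attrs):
    """Encode an Access-Accept (code 2) from (type, bytes) attribute pairs.
    The 16-byte authenticator is zeroed: no shared-secret MD5 is computed here."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 2, identifier, 20 + len(body)) + bytes(16) + body


def parse_attributes(packet):
    """Return (type, value) pairs from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def vlan_for_client(packet, mac):
    """Map the Filter-Id role in an Access-Accept to one VLAN of that role's pool."""
    roles = [v.decode("utf-8", "replace")
             for t, v in parse_attributes(packet) if t == FILTER_ID]
    pool = next((ROLE_POOLS[r] for r in roles if r in ROLE_POOLS), None)
    if pool is None:
        return DEFAULT_VLAN  # unknown or missing role never lands in a student pool
    # Assumption: hash the MAC so a device keeps the same VLAN across reconnects.
    key = mac.lower().replace(":", "").encode()
    return pool[zlib.crc32(key) % len(pool)]
```
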