Captive portal and different dhcp scopes

  • 1
  • Question
  • Updated 2 years ago
  • Answered
  • (Edited)
Hi

Our school consists of around 1200 students and I'd like them to be able to connect to a single WLAN and authenticate using the captive portal, we are using a Zone Director 3000.

We use /24 subnet masks so this doesn't allow for enough IPs.

We have many VLANs set up and our DHCP scopes give out the following IPs, for example -

Vlan 71 - 192.168.71.0 - 71.253
Vlan 72 - 192.168.72.0 - 72.253
Vlan 73 - 192.168.73.0 - 73.253
Vlan 74 - 192.168.74.0 - 74.253

Is there any way to set up a single SSID to use the captive portal linked to Active Directory to give the user an IP address depending upon the role they are set up in on the Zone Director?

So the role settings state that year 7's use the vlan 71, year 8's use vlan 72 etc.

Thanks in advance :) 
Photo of Ben Matthews

Ben Matthews

  • 2 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Rahul Koul

Rahul Koul, Employee

  • 75 Posts
  • 12 Reply Likes
Hello Ben,

I am afraid with this requirement you cannot use Captive Portal authentication. 

This can only be achieved using 802.1X authentication with Dynamic VLAN where the users who connect to a SSID get VLAN assigned based on their Group attributes. 802.1X authentication requires a Radius server.

Regards,
Rahul 
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 717 Posts
  • 151 Reply Likes
Ben,

quick question,

are these VLAN location specific? like in X building you want users to get IP from Vlan 71 - 192.168.71.0 - 71.253 etc?

Cheers...
(Edited)
Photo of Rahul Koul

Rahul Koul, Employee

  • 75 Posts
  • 12 Reply Likes
I see where you are going with that. Are you going to suggest to use VLAN over ride option in WLAN Groups if the VLANs are location specific?
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 717 Posts
  • 151 Reply Likes
no i m not going in that direction...
Photo of Ben Matthews

Ben Matthews

  • 2 Posts
  • 0 Reply Likes
Hi 

Thanks for your reply. 

The VLAN's aren't location specific. We have a VLAN for each student year group. 

Can this only be achieved with Zero IT Activation or Radius server?

Many thanks
Photo of Rahul Koul

Rahul Koul, Employee

  • 75 Posts
  • 12 Reply Likes
Hi Ben,

802.1X with Dynamic VLAN seems to be the only way you can achieve this config.

Regards,
Rahul