Cloudpath/Radius server with vlan pooling, can it be done?

We will be on-boarding staff, student and guest personal devices using Cloudpath. We currently have over 2,500 student personal devices and I would rather not place them all in a single vlan which would create a lot of broadcast traffic.

I want to create a vlan pool consisting of eight /23 vlans. A /23 vlan yields about 500 IP addresses with eight of them giving me 4,000 addresses I can hand out to student personal devices. A /23 is nice and small to cut down on broadcast traffic and keep performance optimal. I then want students to authenticate via Cloudpath and be placed in this vlan pool.

This can already be done with Aruba
http://goo.gl/PvX5OU

Can I do this with Cloudpath and Ruckus?

David Henderson


Posted 3 years ago


Sean

You could use Loopback interfaces:
interface GigabitEthernet0/0.101
 description student WiFi
 encapsulation dot1Q 101
 ip unnumbered Loopback10
 ip helper-address 10.10.10.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map cloudpath
 no cdp enable
and repeat for as many VLANs as you are using

David Henderson

What you have described is a bit out of my area of expertise. I am a bit foggy on how the interaction between a radius server and the Ruckus controller works, but this is my best guess. I believe a radius server can easily return an attribute that indicates that this is a student personal device trying to authenticate to the network. What I am not sure is possible is the Ruckus controller taking that attribute and placing that device/student in a vlan pool as defined in the controller. The attribute can be used to place the student/device in a single vlan but I want the student/device placed in a vlan pool.

Exactly how would using a loopback interface help in this regard?

John Westlund

I know this is old but I can't find an answer. Is it possible to send back a DHCP pool from Cloudpath?

Abhi Maras, Employee

VLAN Pool can be returned via a RADIUS VSA

Nathan Bailey

Abhi,

Can you expand on your response, please? What is the attribute used?

Thanks,

Nathan

Abhi Maras, Employee

Hi Nathan,
I misspoke; while SZ does support the VLAN pool VSA 'Ruckus-Vlan-Pool', that is not yet added on Cloudpath. I will raise a request and get this added in the next release.

Nathan Bailey

Abhi,

From what version of SZ is this reported? I literally just had a TAC case requesting this information.  Thanks for the info, I'm excited to try this out.

Cheers!

John Westlund

I am doing this now with our SZ100 and hosted Cloudpath. I have several user roles (StudentBYOD, for example) on the SZ which assign the VLAN Pool that I want. In my Cloudpath workflow under Policy - Radius Attributes I specify that user role name in the Filter ID field.

Abhi Maras, Employee

Nathan,
I pulled this from the 5.0 AAA guide from the support portal. Also, John makes a good point: while the VLAN pool VSA is not directly available, it can be packaged within the role attribute.