Retirement community with 1200+ residents. How can we setup individual "networks" without 1200+ SSIDS?

  • 1
  • Question
  • Updated 5 months ago
  • (Edited)
the goal is to have joe smith print to the printer in his apartment from anywhere on campus. or allow him to use his phone to control his tv.  etc. 

We use radius for corporate devices with a single SSID, works great.

For our residents we have a seperate SSID. Another seperate for guests. 

if we use radius we can assign Vlans to each resident.  What would be the onboarding process for their devices? What is the maximum number of VLANs this could support?

Would we need to create an NPS policy for each user?  Is this a good use case for CLoudpath?

 I'm trying to wrap my head around this and am probably missing something simple. I appreciate any help or clarification you can provide.
Photo of Aaron Ruppert

Aaron Ruppert

  • 3 Posts
  • 0 Reply Likes

Posted 5 months ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2183 Posts
  • 301 Reply Likes
Do you ever talk to the folks you bought your equipment from?  Detailed design questions and products to meet CU needs are what your VARs are there for, and whom we'd like to to contact please.
Photo of Aaron Ruppert

Aaron Ruppert

  • 3 Posts
  • 0 Reply Likes
Yes, but I like to have some ideas beforehand so both they and I can be prepared. thanks!
Photo of Shaun Van Tonder

Shaun Van Tonder

  • 24 Posts
  • 1 Reply Like

Why don't you make a Vlan for corporate users and a Vlan for guest and students.

You can then allow students and guest only access to the internet and corporate users access to the printers, servers and internet.


Our college environment is setup in the fashion and it works flawlessly:

Aps are on default vlan 1 with all the switches and same IP range.

We have 3 SSID  Corporate Wifi, Guest Wifi & Student Wifi

Corporate Wifi is for example vlan 2

Guest and Student SSID is for example VLAN 3

Our corporate users don't have to enter in a passkey for wireless as we are using radius server 2008r2 and their pcs have to be part of the domain computers group.

The guest ssid uses the guest feature of the zonecontroller and we generate 1 key once a week for guests.

The student ssid uses captive portal authenticating via their AD credentials on their domain controller.

Vlan 3 is blocked from seeing any other vlans on the main core switch so they only have access to internet.


Regards,


Shaun

(Edited)
Photo of Shaun Van Tonder

Shaun Van Tonder

  • 24 Posts
  • 1 Reply Like
Apologies I misunderstood your question completely. Seems you want each resident to have their own vlan. That's a bit hectic I would say. There is a feature to block clients communicating on the same vlan. That might help in this scenario.
Photo of Aaron Ruppert

Aaron Ruppert

  • 3 Posts
  • 0 Reply Likes
the goal is to allow residents to print to their wireless printer from their ipad,or use their amazon echo to interact with other devices,etc. while still isolating them from everyone else. Client isolation kills this ability. I think I'm leaning to just using D-PSK with Vlan assigned to the users.  Unfortunately this would require a ton of DHCP scopes to be created and a lot of switch configuration to create the vlans. 
Photo of Shawn McVay

Shawn McVay

  • 3 Posts
  • 0 Reply Likes
You need an add on device - check out RG Nets.
Photo of Shaun Van Tonder

Shaun Van Tonder

  • 24 Posts
  • 1 Reply Like

Wow I see what you are wanting to do. Basically have a private network for each individual household.. To be honest I haven't carried out a configuration of that kind. One way like you say is to create vlans but that's a TON of vlans. I would also like to know what a viable solution would be to carry this out.


Regards,

Shaun