canaris1780
just joined
Topic Author
Posts: 4
Joined: Wed Nov 07, 2012 3:31 pm

Single SSID, multiple VLANS, WPA2-Enterprise

Wed Nov 07, 2012 3:58 pm

Hi,

I just bought an RB751-2HnD. Great device. I'm trying to figure out how to configure the following setup. I want to have one SSID which authenticates wireless users. The security profile is set to WPA2-Enterprise with EAP methods set to "passthrough". There is a RADIUS server (Microsoft IAS) which identifies clients based on certificates and membership in an AD tree. Based on criteria with 2 conditions, each client is to be associated with the correct VLAN.

The router is connected via eth1 to the wired network. The switch to which it is directly connected has the port configured in trunk mode with 3 allowed VLANs to the router:

17 - client network 1
19 - client network 2
50 - management network

On the router I have set up the following vlan interfaces:

VL17 - master eth1 (trunk intf)
VL19 - master eth1 (trunk intf)
VL50 - master eth1 (trunk intf)

I have created 2 VirtualAP interfaces:

Name: Secure17 SSID: Secure
Name: Secure19 SSID: Secure

I have created 2 bridges as follows:

bridge17 - member ports: Secure17, VL17
bridge19 - member ports: Secure19, VL19

The SSID is hidden. I set up the connection on clients manually.

The way I want it to work is like this: If a user from client network 1 (vlan 17) connects to the wireless network, based on the criteria specified above, it should reach a DHCP server on the correct VLAN and lease an IP address. The same for a user which is from client network 2 (vlan 19).

My problem is that every client gets only IPs from the DHCP server on client network 1 (VL17). The RADIUS server sends back to the router correct information related to the network settings for that particular user. It has been tested with another router (Cisco) and works just fine. So I have confirmed that RADIUS, PKI and AD setup is OK.

If I set up 2 SSIDs, say Secure17 and Secure19, the same clients can connect to both and receive correct network settings (for that SSID!) - they reach the DHCP on the network segment which is connected to the correct VLAN.

The only issue I have is setting up the same SSID and having the router+RADIUS make all the network settings automatically based on the criteria specified (2 conditions).

Can someone with more experience help me figure out how this can be achieved? Or if it cannot, I can put this matter to rest :)

Thanks in advance and if there are unclear details, be so kind and ask!

Andrei
 
JorgeAmaral
Trainer
Posts: 199
Joined: Wed Mar 04, 2009 11:53 pm
Location: /ip route add type=blackhole

Re: Single SSID, multiple VLANS, WPA2-Enterprise

Fri Nov 09, 2012 3:52 am

As far as I know, this has been requested but is still not implemented.

Please vote for this feature request here: http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Search for this topic: RADIUS Subscriber Assigned VLAN attribute in 802.1x.
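
Added example, not part of the original posts: a way to confirm from a captured Access-Accept which VLAN the RADIUS server assigns before looking at the access point. It assumes the server uses the RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), which the thread does not state; the function names and the sample packet are constructed for illustration.

```python
import struct

# RFC 2868 / RFC 3580 attribute types and values for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, MEDIUM_IEEE_802, ACCESS_ACCEPT = 13, 6, 2


def iter_attributes(packet):
    """Yield (type, value) for each attribute of a RADIUS packet (RFC 2865)."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # code + identifier + length + 16-byte authenticator
    while pos < length:
        a_len = packet[pos + 1] if pos + 1 < length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + a_len]
        pos += a_len


def assigned_vlan(packet):
    """Return the VLAN ID an Access-Accept assigns, or None if there is none."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    tunnels = {}  # tag -> {attribute type: decoded value}
    for a_type, value in iter_attributes(packet):
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag byte followed by a 3-byte integer
            tunnels.setdefault(value[0], {})[a_type] = int.from_bytes(value[1:], "big")
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first byte of 0x00-0x1F is a tag, anything higher starts the string
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[a_type] = text.decode("ascii", "replace")
    for attrs in tunnels.values():
        if (attrs.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
                and attrs.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IEEE_802
                and attrs.get(TUNNEL_PRIVATE_GROUP_ID, "").isdigit()):
            return int(attrs[TUNNEL_PRIVATE_GROUP_ID])
    return None


def build_sample(code, attrs):
    """Build a constructed packet (zeroed authenticator), not a captured one."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: Access-Accept placing the user in VLAN 19
SAMPLE = build_sample(ACCESS_ACCEPT, [(64, b"\0\0\0\x0d"), (65, b"\0\0\0\x06"), (81, b"19")])
```

If `assigned_vlan()` returns the expected ID for each user and every client still lands on the same VLAN, the access point is not acting on the attributes.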
 
canaris1780
just joined
Topic Author
Posts: 4
Joined: Wed Nov 07, 2012 3:31 pm

Re: Single SSID, multiple VLANS, WPA2-Enterprise

Fri Nov 09, 2012 7:38 am

@JorgeAmaral

Thank you for your reply. My bad, I wasn't looking in all the places before posting. I will surely vote for this feature. It is very useful and clean from an administrative and technical point of view.

Kind regards,
Andrei
 
jeandconte
just joined
Posts: 6
Joined: Mon Nov 17, 2014 6:52 pm

Re: Single SSID, multiple VLANS, WPA2-Enterprise

Fri Jul 05, 2019 2:26 am

Is this issue solved? Is the new feature implemented? I am also interested in that.
