802.1x Authentication with Ruijie And Dynamic VLan Assignment on Ruijie Cloud

adotelli

Level 1

6660 5 2023-6-9 22:30:57
Hello everyone! I want to show you how to configure 802.1x authentication with Ruijie and how you can configure dynamic VLAN assignment on Ruijie Cloud. The first step will be authentication with one VLAN and the second will be multiple VLANs. Let's begin!
                    


802.1x Authentication with Ruijie





After we have done the DC setup and the VLAN configuration on the gateway and switch side, we move on to the NPS setup.
Now we set up the Active Directory Certificate Services and the Network Policy and Access Services.



   

















After the installation of the services is finished, we perform the configs of our certificate service.





























We open our Network Policy Server and perform the registration process.




Now we select the "RADIUS server for 802.1x wireless or wired connections" scenario from the choose bar and we start the 802.1x configs.




Since I will show the VLAN structure later, I set my policy name according to my VLAN ID.





We add the RADIUS client. Here, our clients become our APs. We add the local IP of the APs and resolve their IP to verify.











Then, when we enter the information of our RADIUS server in the portal where we manage our access points, we determine the secret key that it will ask us for.




We continue when we see the name of the client we added in the list.




We choose our authentication method.



We add the group we created earlier in Active Directory.




And we finish the network policy setup.







We go to our management portal to make the configs on the access point side. In this scenario, I manage my Ruijie products in the Ruijie Cloud, since we perform the Ruijie RADIUS integration.
Now we adjust the Configuration>>Basic>>SSID settings.







Finally, we enter our RADIUS server information.






NOTE: Do not forget to disable the Windows firewall on the server. If you do not want to disable it, you need to write a rule for the relevant ports.
As of now, you can connect to the SSID you defined and go out to the internet with the user names and passwords you defined for the group's members (users) that will be provided a wireless connection with this policy. Let's continue to defining more than one VLAN with the same SSID.

DYNAMIC VLAN ASSIGNMENT IN RUIJIE

Our VLANs communicate with the APs broadcasting SSIDs via the network policy. We need to configure the policy separately for each VLAN and configure the VLAN IDs and settings such as the group in which the users to be connected with that VLAN are defined. In the scenario we did above, we did not make these settings because we created a network with only native VLANs. This time we will configure our network policy, which we previously created with the native VLAN, with the settings for the VLAN with ID 70. You can also create the network policy for each VLAN you define as native and then configure it for the relevant VLAN.


Network Policy Side




Policies>>Network Policies>> We enter the relevant policy and add new ones to the standard RADIUS attributes.









Tunnel-Medium-Type













Tunnel-Pvt-Group-ID
The attribute where we define our VLAN ID. I added my VLAN with ID 70. You will also enter the ID you defined on the gateway and switch side in this section.









Tunnel-Type
After adding this, we choose apply and we move on to the operations on the AP side.











Ruijie Side
First of all, we open Ruijie APs because the SSH service is disabled by default. By entering the interface of the AP directly:
Maintenance>>System>>Telnet>>SSH Services. Here we also set the admin password used when making the SSH connection.




After the SSH connection is established, we enter the following commands.
config ter
vlan range 2-10
vlan-group 10
vlan-assign-mode dot1x
vlan-list 1-10
default-vlan 1
int gi 0/1.1
encapsulation dot1Q group 10
ip dhcp snooping trust
interface dot11radio 1/0.1
no encapsulation
encapsulation dot1Q group 10
interface dot11radio 2/0.1
no encapsulation
encapsulation dot1Q group 10
end
wr

NOTE: Enter the vlan range and vlan-list commands considering your VLAN IDs.
We can see whether our commands are working by entering the interface of the AP and checking whether the VLAN list is defined or not. In the image below, because I configured the VLAN list as 1-100, up to 100 VLANs were defined. Or we can see the VLAN list with the show vlan group command.





If you want to make this config on all your APs via Ruijie Cloud:
When we do Configuration>>Basic>>Advanced Setting>>CLI Command>>Add and select the models of the devices that we want to apply the config to in the window that opens, and then enter the commands with one command on each line, the config will be applied on all the devices you select through those commands.





And it is done. Now there will be one SSID, and when the user logs in with his credentials, with the NPC we assign to the user and group that we have opened in Active Directory, he will be able to access the internet from the relevant VLAN.



I hope I could help.


Kind Regards / Adnan AKBEL
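
An added example, not part of the original post: a Python check that a captured RADIUS Access-Accept really carries the three tunnel attributes the post configures in NPS and that they name the intended VLAN (70 in the post). The values VLAN (13) and 802 (6) follow RFC 3580 and are an assumption, since the post does not state which values were selected; the function names and the sample packets are constructed for illustration.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PVT_GROUP_ID = 64, 65, 81  # RFC 2868 numbers
ACCESS_ACCEPT, TYPE_VLAN, MEDIUM_802 = 2, 13, 6  # RFC 2865 code, RFC 3580 values

def parse_radius(packet: bytes):
    """Return (code, {attribute type: [raw values]}) for one RADIUS packet."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    attrs, pos = {}, 20  # attributes start after the 20-byte header
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:pos + alen])
        pos += alen
    return packet[0], attrs

def tagged_ints(values):
    """Tunnel-Type and Tunnel-Medium-Type are a 1-byte tag plus a 3-byte integer."""
    return [int.from_bytes(v[1:], "big") if len(v) == 4 else None for v in values]

def vlan_problems(packet: bytes, expected_vlan: int) -> list:
    """List what stops this reply from assigning expected_vlan (empty list = OK)."""
    code, attrs = parse_radius(packet)
    problems = []
    if code != ACCESS_ACCEPT:
        problems.append("not an Access-Accept")
    if tagged_ints(attrs.get(TUNNEL_TYPE, [])) != [TYPE_VLAN]:
        problems.append("Tunnel-Type is not VLAN (13)")
    if tagged_ints(attrs.get(TUNNEL_MEDIUM_TYPE, [])) != [MEDIUM_802]:
        problems.append("Tunnel-Medium-Type is not 802 (6)")
    ids = attrs.get(TUNNEL_PVT_GROUP_ID, [])
    raw = ids[0] if len(ids) == 1 else b""
    if raw[:1] and raw[0] <= 0x1F:  # optional leading tag byte (RFC 2868)
        raw = raw[1:]
    if raw.decode("ascii", "replace") != str(expected_vlan):
        problems.append("Tunnel-Pvt-Group-ID does not name VLAN %d" % expected_vlan)
    return problems

def build_accept(attrs):
    """Constructed sample reply with a zeroed authenticator, for demonstration only."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return bytes([ACCESS_ACCEPT, 1]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body

# Constructed samples: a complete VLAN 70 reply and one missing Tunnel-Medium-Type.
GOOD = build_accept([(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"70")])
NO_MEDIUM = build_accept([(64, b"\x00\x00\x00\x0d"), (81, b"70")])
```

Feed `vlan_problems` the UDP payload of an Access-Accept taken from a packet capture on the NPS server; a non-empty list points at the attribute to recheck in the network policy.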

0 2023-6-14 11:59:31
Wonderfully Sharing!!!!!👍👍👍

0 2023-6-14 19:28:42
Thank you for sharing.
Can you show how to customize the Ruijie login form?  

0 2023-7-12 10:37:15
Dario Vindas replied at 2023-6-14 19:28
Thank you for sharing.
Can you show how to customize the Ruijie login form?
Hi sir,
May I know your detailed demand?

0 2024-7-24 13:59:22
Can I enable PPSK as well with 802.1x?
If yes, then do you have a doc for that?

0 2024-7-24 14:09:13
nbctcp bun replied at 2024-7-24 13:59
Can I enable PPSK as well with 802.1x?
If yes, then do you have a doc for that?

Dear sir

Unfortunately, we currently don't have a related doc about this,
and PPSK and 802.1x cannot be enabled at the same time.

Best regards,
Ross
