In current implementation, a VLAN can be assigned different ways and in this order of priority from the Weakest to the strongest . In case of conflict between the VLAN assignments , the strongest takes precedence and override the others .
1. Default VLAN defined in the SSID (weakest)
2. After successful Authentication, the VLAN can be Dynamically assigned using via the
3. After successful authentication, the VLAN can be assigned based on a user group using the filter_ID attribute (strongest)
The following use cases cannot be achieved based on the current implementation and override rules.
Use Case1: I want to use 802.1x authentication and assign a station to a VLAN using the dynamic VLAN (2 above) based on the source MAC address. At the same time, since the station can be used by multiple users (admin, managers, coworkers, etc), I want to apply a set of policies using the filter_Id (item 3 above) but not override the VLAN.
Use Cas2: I want to statically assign a VLAN to an SSID. At the same time, I want to apply user group without overriding the default SSID. (this is partially implemented AOS when you select "no VLAN change" in the user group VLAN but the customer reported a bug during the POC)
PROPOSED SOLUTION (TO BE CONFIRMED AND AGREED WITH ENGINEERING:
In each user group, add VLAN override rules options with three choices "use SSID default VLAN, Use Dynamic VLAN assignment, Numeric Value (0-4095)"
- When "Use SSID default VLAN" is selected, it will become the strongest VLAN and will override the other VLAN assignments (in that case the only other VLAN assignment possible is the dynamic VLAN)
- When "Use Dynamic VLAN" is selected, this becomes the strongest and will override the SSID default VLAN
- When " Numeric Value" is selected, the filter ID VLAN assignment will override the Dynamic VLAN and SSID default VLAN. To maintain backward compatibility with previous AOS versions , this should be the default setting.
Business Case from Kyle Holmes
Just a scope of the potential size and timing of opportunity, Lou has addressed the technical drivers..
This is a net new account and an opportunity to get a foot in the door at the University. Steve Cook is the Director of the CISC Computing facility on campus. The CICS Computing Facility is a department of UMASS that is independent from the rest of University from a procurement standpoint but still part of the school and part of the overall budget. They have their own standards and are leaned on by the campus for testing, vendor selection, etc... They are currently doing a bake off of wireless technology as part of a refresh project for current infrastructure. It is currently Cisco but the rest of University is Aruba.
Steve has 35 AP’s in his environment currently and has a timeline of 2-3 more weeks to complete his testing and move forward with a vendor/purchase just for the computing facility. We got in the door at the last second and are the last vendor to be tested. The rest of campus is going to rely on Steve’s vendor selection as part of their own refresh. They will initially need 1600 AP’s but ultimately plan on spending 5-10 million on projects for wireless over the next 5 years.. Winning this project at CICS is instrumental in winning and competing for the campus wide business.
They plan on spending 5 Mil over next 5 years on wi-fi and a 1600 AP refresh in one pocket over next 6 mths. The campus is leaning on Steve’s POC as how they proceed with refresh.
Ultimately, this would be a huge opportunity for Xirrus if we win this POC. The immediate impact will only be Steve’s 35 AP’s but will allow us the opportunity to refresh the 1600 AP’s that the campus is going refresh over the next 6 months as well as the entire campus over the next 5 years. The potential is limitless as UMASS one of the largest University Campuses in New England (40,000 students) and would be an unbelievable reference account if we can get in.