We would like to deploy a secure and easy infrastructure at a customer location where external devices are connected to the switches. As a retailer working with franchises, the IT staff must be able to manage desktops and cameras whose MAC addresses are unknown or changing (unmanaged anyway).
The idea would be that if the RADIUS server finds the device, it will answer with the IP and VLAN for the router DHCP to assign. The switch would then automatically adapt to an access port for this VLAN.
I have seen similar scenarios for other vendors, but of course we want a 100% Peplink solution.
Thx!
PS: There are almost 200 sites, 500+ users, it has to be easy…
If you want to have a lot of security, you need a NAC system, whether you do it with RADIUS or other tools like macmon (with SNMP). The important thing is to have that feature.
We will add Dynamic VLAN Assignment support in the next SD Switch firmware.
In the next version, to have RADIUS-assigned VLANs, turn on Authentication by RADIUS and enable Port-based 802.1x authentication on switch ports.
In the RADIUS server, set up the additional RADIUS attributes used in identifying a VLAN ID:
- Tunnel-Medium-Type: Select 802 (Includes all 802 media plus Ethernet canonical format) for the Attribute value. Commonly used for 802.1X.
- Tunnel-Pvt-Group-ID: Enter the VLAN desired (ex. 10). This value will specify the VLAN ID 10.
- Tunnel-Type: Select Virtual LANs (VLANs).
Once these attributes are configured on the RADIUS server, client devices can receive their VLAN assignment dynamically.
@dennis.hofheinz, the platforms of the LAN switch for Balance/MAX and SD Switch are different. We will implement this into SD Switch at the moment. We will study the feasibility for Balance/MAX routers.