[RESOLVED] SSID wrong vlan attribution on OmniVista 2500

Topic

Hello,
I am starting to configure a new system with a Omnivista 2500 NMS wich controls somo stellar 1101 and 1221 Access Points.
I need to setup 3 SSID each one connecting to a different VLAN:

SSID Internal – with WPA2 Personal authentication passphrase – VLAN 6
SSID Mobile – With MAC Address Authentication (for mobile devices) – VLAN 10
SSID Guest – With captive portal authentication – VLAN 41

My administrative VLAN is VLAN 1 and all access points are register and inside a new AP Group.

SSID internal ins working properly, when i connect a device to this SSID it goes to VLAN 6 and with the corret IP Address.
The problem is with SSID Mobile, when i connect a device to tis SSID it goes to VLAN 6 instead ou VLAN 10 and receive IP address from VLAN 6.

Any idea of what i am doing wrong?

Best Regards

Date
25.03.2019
answers
3
views
171
Author
Asked by tanguy

Answers

nelsonvieira: Hi, than you for your replies, i create a all new configuration from scratch and now all vlans are assigned correctly. Fore testing purpose i create all 3 ssid with WPA Personal authentication. Now i am changing the SSID mobile to OPEN with MAC authentication as described on this video: https://www.youtube.com/watch?v=5y_G-y25nXg After that, all devices are able to connect to SSID Mobile without adding their MAC address to the internal database. I can see in the authentication records that the authentication has failed because wrong username/password as expected but they are connected on the correct VLAN and with valid IP address.

Thanks again for your help

Date
25.03.2019
Author
Asked by tanguy
Add Comment
Vote

BennyD has a good point right : at the OV level you should first check to which VLAN the default ARP associated to "SSID Mobile" is binded.

Nethertheless, a more direct way to check this association is to go to the "Unified Access => Unified Profile => Device Config => Access Role Profile" or directly to "https:///#/accessGuardian2.0/ag/deviceConfiguration/edgeProfileDeviceConfig" and check the VLAN association in the VLAN collumn (as show in the attached screenshot).

If you have the same vlan this is where your issue is coming from. as underlined by benny each SSID provisionned may have to be provisionned with a different default ARP (especially if you do not use UPAM to assign an Acces Role Profile after internal .1x auth or external Radius/AD authentication ).

If the VLAN binding is correct, may be you should check the DHCP answers and switch config.

What version of OV are you using ?

Best regards,

Khadir.

Date
25.03.2019
Author
Asked by klentil
Add Comment
Vote

Hi Tanguy, have a look at the "Access Role Profile", that is assigned to the successfull authenticated devices (If you use UPAM, you get that info under "UPAM Authentication Records"). This AR-Profile is connected with a VLAN, and assigned to the AP-Group. Maybe the Internal and Mobile-SSID are using the same AR-Profile with the same VLAN? Regards BennyD

Date
25.03.2019
Author
Asked by bennyd
Add Comment
Vote