Skip to menu Skip to content Skip to search
The Spacewalkers Forum

Forum

You have to be logged in to ask a question
Question
Asked by Tanguy tanguy
STELLAR
Asked on 25 March 2019 11 h 30 min

[RESOLVED] SSID wrong vlan attribution on OmniVista 2500

Hello,
I am starting to configure a new system with a Omnivista 2500 NMS wich controls somo stellar 1101 and 1221 Access Points.
I need to setup 3 SSID each one connecting to a different VLAN:

SSID Internal – with WPA2 Personal authentication passphrase – VLAN 6
SSID Mobile – With MAC Address Authentication (for mobile devices) – VLAN 10
SSID Guest – With captive portal authentication – VLAN 41

My administrative VLAN is VLAN 1 and all access points are register and inside a new AP Group.

SSID internal ins working properly, when i connect a device to this SSID it goes to VLAN 6 and with the corret IP Address.
The problem is with SSID Mobile, when i connect a device to tis SSID it goes to VLAN 6 instead ou VLAN 10 and receive IP address from VLAN 6.

Any idea of what i am doing wrong?

Best Regards

Answer question
Your vote :
Rating : 0
RESOLVED
Answers
Answer by tanguy
Answered on 28 March 2019 14 h 48 min

nelsonvieira: Hi, than you for your replies, i create a all new configuration from scratch and now all vlans are assigned correctly. Fore testing purpose i create all 3 ssid with WPA Personal authentication. Now i am changing the SSID mobile to OPEN with MAC authentication as described on this video: https://www.youtube.com/watch?v=5y_G-y25nXg After that, all devices are able to connect to SSID Mobile without adding their MAC address to the internal database. I can see in the authentication records that the authentication has failed because wrong username/password as expected but they are connected on the correct VLAN and with valid IP address.

Thanks again for your help

Your vote :
Rating : 0
Answer by klentil
Answered on 25 March 2019 18 h 27 min

BennyD has a good point right : at the OV level you should first check to which VLAN the default ARP associated to "SSID Mobile" is binded.

Nethertheless, a more direct way to check this association is to go to the "Unified Access => Unified Profile => Device Config => Access Role Profile" or directly to "https:///#/accessGuardian2.0/ag/deviceConfiguration/edgeProfileDeviceConfig" and check the VLAN association in the VLAN collumn (as show in the attached screenshot).

If you have the same vlan this is where your issue is coming from. as underlined by benny each SSID provisionned may have to be provisionned with a different default ARP (especially if you do not use UPAM to assign an Acces Role Profile after internal .1x auth or external Radius/AD authentication ).

If the VLAN binding is correct, may be you should check the DHCP answers and switch config.

What version of OV are you using ?

Best regards,

Khadir.

Your vote :
Rating : 2
Answer by bennyd
Answered on 25 March 2019 14 h 12 min

Hi Tanguy, have a look at the "Access Role Profile", that is assigned to the successfull authenticated devices (If you use UPAM, you get that info under "UPAM Authentication Records"). This AR-Profile is connected with a VLAN, and assigned to the AP-Group. Maybe the Internal and Mobile-SSID are using the same AR-Profile with the same VLAN? Regards BennyD

Your vote :
Rating : 0