Assign VLAN by EasyPass Onboarding User Group (XMS-Cloud)

Say we have two groups of users, Students and Staff. I would like to use a single EasyPass Onboarding Portal and SSID, but have the users segmented into 2 different VLANs.

We can add our users to EasyPass Onboarding and assign them to such groups.

I can then Enable VLANs in my Profile, and add a new User Group Policy based on the EasyPass Group. Here, I can Show Advanced settings and then specify a VLAN. But there is an info-box next to this section, “VLANs should not be used when assigning User Group by EasyPass.”

This makes sense say for EasyPass Azure/Google, where the connection is made to the network, then the user authenticates in a captive portal. The VLAN can’t be changed after connection. But, in EasyPass Onboarding, the User-PSK identifies the user and their group during the connection process.

My question, is it possible to use this setting to assign VLANs for EasyPass Onboarding User Groups despite the warning? Or is there another way to do so?

First off, thanks for your Question:

Regardless of the type of Onboarding authentication, Azure/Google etc., this is exactly what you have to define for the Users to get placed into the correct final VLAN. I believe the message may be incorrect.

Your statement:

“The VLAN can’t be changed after connection.” is not correct.

This is exactly how the User VLAN is changed to place the device into the correct VLAN after the device has associated, and authenticated. The AP will get the User Group membership via the Filter-ID and will disconnect the device from the primary association and when it reconnects to the AP, it will be placed into the destination VLAN and will be able to get a new IP from the destination VLAN.

Cambium Networks

1 Like