Radius and vlan authentication

That should be possible via SSID configuration.

As you can assign the VLAN ID as the Radius server assign them:

Hi.

This way is a static association.

I think what it's wanted is to assign a VLAN dyamically from the radius, ex: Tunnel-PVT-Group-ID = 20 where 20 is the vlan ID for the authenticated user.

I'm struglling with this situation and I think it's not possible to assign a dynamic vlan.

Still searching... :)

Hi.

This way is a static association.

I think what it's wanted is to assign a VLAN dyamically from the radius, ex: Tunnel-PVT-Group-ID = 20 where 20 is the vlan ID for the authenticated user.

I'm struglling with this situation and I think it's not possible to assign a dynamic vlan.

Still searching... :)

This is possible.

Create a VLAN Interface for every VLAN your WiFi users need to access.

Create a RADIUS Server in XG and enable it in Wireless>Wireless Settings

On the RADIUS Server create Groups and Mappings for the Users and VLANs.

Find information here: https://community.sophos.com/kb/en-us/127328

and here (for VLAN assignment in RADIUS): https://www.expertnetworkconsultant.com/configuring/ieee-802-1x-authentication-and-dynamic-vlan-assignment-with-nps-radius-server/

In Wireless create a Wireless network with WPA enterprise and a default (that VLAN-Interface must exist on XG) VLAN ID.

That should be most of it.

Thanks! I will take a closer look.

I think the equipment has some kind of limitation regarding the local wifi (the antenna of the firewall itself) that does not support binding with VLAN (https://docs.sophos.com/nsg/sophos-firewall/v17.0.9/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp/WPNetworkEdit.html).

If so, I will have to buy another access point :(

PJC