How to configure WPA2-Enterprise (802.1X) with Dynamic VLAN by Nebula Cloud Authentication Server

Zyxel_Judy
Zyxel_Judy Posts: 1,631  Zyxel Employee
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula
edited January 2023 in Authentication

When the station wants to connect with the AP, you can use Nebula Cloud Authentication Server (NCAS) to provide access control to your network. In this example, assuming there are two stations in different groups and they can connect to the same SSID for accessing the Internet, but get IPs in different subnets because of the dynamic VLAN settings. Nebula provides user to assign different VLAN for the users created in NCAS.

 

Using Dynamic VLAN let different groups get different subnet’s IPs, so the network security is higher. Moreover, more application can apply for the network such as one group have the higher rate/ priority than others, etc.


Configuration: 
1. Go to Access point > Configure > SSID setting, and configure the SSID name. Click Enabled, and Save.


2. Go to Access point > Configure > SSID advanced setting. Select WPA2-Enterprise with Nebula Cloud authentication in Network access, and click Save.


3. Site-wide > Configure > Cloud authentication, select User and click +Add button


4. Input VLAN assignment (10 and 20 for example) and user information as the image below, and click Create User.

 

Note that: VLAN assignment feature is Nebula Pro pack feature and require 6.00 or newer AP firmware version and incorrect VLAN setting will cause connection issue.

 

Verification:

Access point > Monitor > Clients



Judy

See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community