Dynamic VLAN for 802.1X

The RADIUS server uses dynamic VLAN to assign a VLAN ID to the WLAN client for 802.1X authentication. This assigns clients to the required VLAN without the need to operate a separate SSID for each VLAN.

The RADIUS server must send the following attributes in the accept message:

ID Name Meaning Possible values in LCOS LX
64 Tunnel-Type Defines the tunneling protocol which will be used for the session. 13 (VLAN)
65 Tunnel-Medium-Type Defines the transport medium over which the tunneled session will be established. 6 (IEEE 802)
81 Tunnel-Private-Group-ID Specifies a required VLAN ID. 1 – 4096

Specific issues when using RADIUS authentication with dynamic VLAN assignment on LCOS LX access points (802.1X):

If RADIUS authentication with dynamic VLAN assignment is to be configured, there are some special features to be considered for LCOS LX devices, which are summarised in this Knowledge Base article.


LANCOM Systems GmbH | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E-Mail info@lancom.de