New Member
Posts: 8
Registered: ‎12-30-2017
Solutions: 1
Accepted Solution

Using 802.1x on port carrying Wireless and Wired, best approach?

Hi Guys

 

I don't really want to authenticate with RADIUS, but rather use its ability for Dynamic VLANing. My conundrum, though, is that I use Homeplugs for carrying Wireless and Wired traffic back to my switch. So I was wondering: will activating 802.1x on the port that the homeplug comes back to allow me to control the VLAN for both Wired and Wireless? Or would Wireless devices have to be done at the AP level?

 

I've given it an attempt and have not been very successful, so before spending any more time on it, I thought it best to ask the pros.

 

Thanks


Accepted Solutions
New Member
Posts: 8
Registered: ‎12-30-2017
Solutions: 1

Re: Using 802.1x on port carrying Wireless and Wired, best approach?

[ Edited ]

For anybody else looking for an answer:

 

I've only done limited testing with a single AP and Switch port so far, but by the looks of it, if you apply 802.1x on a Port, it will apply it to all devices coming through that Port, including those connected to Wireless APs. So in effect, you use the USG's RADIUS server to specify what VLAN each Device should be placed into; any device not in the list will get dropped into the FALLBACK VLAN.

 

This is fairly cool, it allows me to create a tiered VLAN

 

VLAN 1 - MGT (all Unifi devices etc)

VLAN 2 - Isolated VLAN, No Internet connectivity

VLAN 3 - IoT DMZ

VLAN 12 - Servers

VLAN 14 - Family Devices and WIFI

 

Rather than routing through the USG, I'm basically using it for the RADIUS and a couple of other features. Instead, I'm using a Palo Alto FW as my primary Firewall, which allows easier zoning and filtering.
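
How the per-device VLAN described in the answer above travels in a RADIUS reply, as an added example that is not part of the original post: dynamic VLAN assignment uses the three tunnel attributes from RFC 3580, and this code encodes them, parses them back with length checks, and returns a fallback VLAN when no usable assignment is present. The function names, the `fallback_vlan` parameter and modelling a device that is not in the list as an empty attribute set are assumptions, not UniFi or USG behaviour.

```python
import struct

# Attribute numbers from RFC 2868; RFC 3580 fixes the values used for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_id, tag=0):
    """Attributes a RADIUS server adds to an Access-Accept to assign vlan_id."""
    def tagged_int(attr_type, value):
        # type, length (always 6), tag, then a 3-byte big-endian value
        return struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def parse_attrs(data):
    """Split an attribute blob into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[i + 2:i + length]))
        i += length
    return attrs

def assigned_vlan(data, fallback_vlan):
    """VLAN for the device, or fallback_vlan if the reply has no usable assignment."""
    try:
        attrs = dict(parse_attrs(data))
    except ValueError:
        return fallback_vlan
    t = attrs.get(TUNNEL_TYPE, b"")
    m = attrs.get(TUNNEL_MEDIUM_TYPE, b"")
    g = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if len(t) != 4 or int.from_bytes(t[1:], "big") != VLAN:
        return fallback_vlan
    if len(m) != 4 or int.from_bytes(m[1:], "big") != IEEE_802:
        return fallback_vlan
    if g and g[0] <= 0x1F:   # optional leading tag byte on the string attribute
        g = g[1:]
    if not g.isdigit():      # empty or non-numeric group ID
        return fallback_vlan
    vlan = int(g)
    return vlan if 1 <= vlan <= 4094 else fallback_vlan
```

Calling `assigned_vlan(encode_vlan_attrs(14), fallback_vlan=999)` yields 14, where 999 is a constructed placeholder for whatever fallback VLAN is configured on the port.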


