Create a WxLAN Policy to Override Client VLANs
Support per site VLAN flexibility with Multi-Pre-Shared Key (mPSK) by creating WxLAN policies that override client VLANs.
Let's illustrate the value of this feature by looking at a common use case when implementing Multiple-PSK. In this scenario, Site A needs the flexibility to use VLAN A for PSK A and VLAN B for PSK B. Site X needs to use VLAN X for PSK A and VLAN Y for PSK B. You can create WxLAN policies to assign VLANs to clients based on the PSK user role. The WxLAN-driven VLANs override any other VLAN assignments on a client. For example, this policy would override a dynamic VLAN that was received from RADIUS.
You can use this feature in addition to the normal methods of assigning a user to a VLAN by policy such as through RADIUS AVPs (Tunnel-Private-GroupId or Airespace-Interface-Name) or VLAN attached to MPSK.
Requirements
-
APs must have firmware version 0.14.29091 or newer.
-
The VLANs must be configured either in the VLAN list in the WLAN settings, ETH0 port configuration, or Mist Tunnel.
To create a WxLAN policy to override client VLANs: