This section provides the configurations required to enable device registration with dynamic VLAN assignment in a multi-vendor environment.
nx9500-6C8809(config)#radius-group Apple nx9500-6C8809(config-radius-group-Apple)#policy vlan 200
nx9500-6C8809(config)#radius-group Samsung nx9500-6C8809(config-radius-group-Samsung)#policy vlan 100
nx9500-6C8809(config)#radius-group Devices nx9500-6C8809(config-radius-group-Devices)#policy vlan 1
Note
If necessary, configure the session-time for each of the above configured RADIUS group. This is the duration for which a RADIUS group client‘s session remains active after successful authentication. Upon expiration, the RADIUS session is terminated. Use the policy > session-time > <5-144000> command to specify the session-time.nx9500-6C8809(config)#radius-user-pool-policy Vendor-Devices
nx9500-6C8809(config-radius-user-pool-Vendor-Devices)#user Samsung password 0 samsung group Samsung
nx9500-6C8809(config-radius-user-pool-Vendor-Devices)#user test password 0 test123 group Apple
nx9500-6C8809(config)#radius-server-policy Guest-Radius
nx9500-6C8809(config-radius-server-policy-Guest-Radius)#use radius-user-pool-policy Vendor-Devices
nx9500-6C8809(config-radius-server-policy-Guest-Radius)#use radius-group Samsung
nx9500-6C8809(config-radius-server-policy-Guest-Radius)#use radius-group Sony
nx9500-6C8809(config-radius-server-policy-Guest-Radius)#use radius-group Apple
nx9500-6C8809(config)#aaa-policy OnBoard-NX
nx9500-6C8809(config-aaa-policy-OnBoard-NX)#authentication server 1 onboard controller
nx9500-6C8809(config-aaa-policy-OnBoard-NX)#show context aaa-policy OnBoard-NX authentication server 1 onboard self nx9500-6C8809(config-aaa-policy-OnBoard-NX)#
nx9500-6C8809(config)#captive-portal DeviceRegistration
nx9500-6C8809(config-captive-portal-DeviceRegistration)#server host captive.extremenoc.com
nx9500-6C8809(config-captive-portal-DeviceRegistration)#radius-vlan-assignment
nx9500-6C8809(config-captive-portal-DeviceRegistration)#use aaa-policy OnBoard-NX
nx9500-6C8809(config-captive-portal-DeviceRegistration)#access-type radius
nx9500-6C8809(config)#wlan CP-OnBoarding
nx9500-6C8809(config-wlan-CP-OnBoarding)#ssid CP-OnBoarding
nx9500-6C8809(config-wlan-CP-OnBoarding)#radius vlan-assignment
nx9500-6C8809(config-wlan-CP-OnBoarding)#use aaa-policy OnBoard-NX
nx9500-6C8809(config-wlan-CP-OnBoarding)#use captive-portal DeviceRegistration
nx9500-6C8809(config-wlan-CP-OnBoarding)#captive-portal-enforcement fall-back
nx9500-6C8809(config-wlan-CP-OnBoarding)#registration device group-name Devices expiry-time 4320
nx9500-6C8809(config-wlan-CP-OnBoarding)#authentication-type mac
nx9500-6C8809(config-profile-SITE-10)#use radius-server-policy Guest-Radius
nx9500-6C8809(config-profile-SITE-10)#use captive-portal server DeviceRegistration
nx9500-6C8809(config-profile-SITE-10-if-radio2)#wlan CP-OnBoarding bss 1 primary
nx9500-6C8809(config-profile-SITE-10-if-ge1)#switchport mode trunk
nx9500-6C8809(config-profile-SITE-10-if-ge1)#switchport trunk native vlan 90
nx9500-6C8809(config-profile-SITE-10-if-ge1)#switchport trunk allowed vlan 1,90,1000-1002
nx9500-6C8809(config-profile-SITE-10-if-ge1)#no switchport trunk native tagged
radius-server-policy | Documents RADIUS server policy configuration commands |
radius-group | Documents RADIUS group policy configuration commands |
radius-user-pool-policy | Documents RADIUS user policy configuration commands |
AAA Policy | Documents AAA policy configuration commands |
captive-portal | Documents captive-portal configuration commands |
wlan | Documents WLAN configuration commands |
Profiles | Documents profile configuration commands |
guest-registration (show commands) | Documents show > guest-registration command and outputs. Use this command to view guest registration statistics once device-registration is enabled. |