Required RADIUS Attributes

For dynamic VLAN to work, you must configure the following RADIUS attributes for each user:

  • Tunnel-Type: Set this attribute to VLAN.
  • Tunnel-Medium-Type: Set this attribute to IEEE-802.
  • Tunnel-Private-Group-ID: Set this attribute to the VLAN ID to which you want to segment this user.

Depending on your RADIUS setup, you may also need to include the user name or the MAC address of the wireless device that the user will be using to associate with the AP. The following table lists the RADIUS user attributes related to dynamic VLAN.

Table 20 RADIUS user attributes related to dynamic VLAN
Attribute Type ID Expected Value (Numerical)
Tunnel-Type 64 VLAN (13)
Tunnel-Medium-Type 65 802 (6)
Tunnel-Private-Group-Id 81 VLAN ID
Here is an example of the required attributes for three users as defined on Free RADIUS: 
0018ded90ef3
   User-Name = user1,
   Tunnel-Type = VLAN,
   Tunnel-Medium-Type = IEEE-802,
   Tunnel-Private-Group-ID = 0014
00242b752ec4
   User-Name = user2,
   Tunnel-Type = VLAN,
   Tunnel-Medium-Type = IEEE-802,
   Tunnel-Private-Group-ID = 0012
013469acee5
   User-Name = user3,
   Tunnel-Type = VLAN,
   Tunnel-Medium-Type = IEEE-802,
   Tunnel-Private-Group-ID = 0012
NOTE
The values in bold are the users' MAC addresses.
Parent topic: How Dynamic VLAN Works