MAC authentication regardless of IP pool

syedjahanzaib Lv1Posted 14 Dec 2022 01:27

Last edited by syedjahanzaib 14 Dec 2022 01:35.

To allow users mobile devices, we assign them ip from DHCP using specific pool like 192.168.1.0/24, then we create there local user account under in Sangfor "Acess management > Users Binding Mgt >  User Binding" . Also in Auth Policy, I have added policy on top that if user request is coming from thies 92.168.10/24 pool then use Local User Databses (as shown in the pictures attached).

This way when they access internet without any authentication.

I am now introducing VLANS for for every department. every department will have many phones. I cannot reserve there ips in particular pool as every dept will have different vlan pool, and users also roams between many depts all day. I cannot reseve there ip in each vlan pool.

Is there any way that no matter what ip pool user is coming from , & IF he have account (mac address) is added in "acess management > Users Binding Mgt >  User Binding", his internet should work Direclty?

Wiht Users Binding m I can have its proper name so that I can hvae his log by name as well and also monitoring is easy by username. Whats the workaround for it?



1.PNG (11.65 KB, Downloads: 539)

1.PNG

3.PNG (17.04 KB, Downloads: 536)

3.PNG

2.PNG (20.88 KB, Downloads: 545)

2.PNG

4 user binding.png (77.79 KB, Downloads: 541)

4 user binding.png

Happpy has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Yes it should work with MAC-IP Binding
Is this answer helpful?
Faisal P Posted 20 Dec 2022 21:28
  
You must define at least one DHCP server in order to create IP address pools.
Zonger Lv5Posted 20 Dec 2022 18:36
  
Yes, it can be worked with MAC-IP Binding
arjay Lv3Posted 20 Dec 2022 16:43
  
Yes, it should work on mac binding
Adonis001 Lv3Posted 19 Dec 2022 21:28
  
No work around for this for now
VanFlyheights Lv3Posted 19 Dec 2022 21:20
  
You must not enable to all but make an storage per node
jetjetd Lv5Posted 19 Dec 2022 16:34
  
For me this is my solution, create an SSID per department for each VLAN you plan to create. Create a second SSID, this SSID is for users that came from other departments. You can create any restrictions here or other resources that they will only access since they are from other departments.
ZoroZoro Lv3Posted 19 Dec 2022 14:39
  
I thinks there is no work around for this
Nami Lv2Posted 19 Dec 2022 14:32
  
Yes it could work on that way
Franky Lv3Posted 19 Dec 2022 14:24
  
It is maybe better to use Active Directory
noime Lv3Posted 19 Dec 2022 14:08
  
Try to have a separate AD

I Can Help:

Change

Moderator on This Board

1
3
5

Started Topics

Followers

Follow

Board Leaders