Globetek Infoway

  • Indo Japan House, 4th Floor, Saltlake, Kolkata - 700091
  • sales ( @ ) 24onlinetech.com / sales ( @ ) globetek.co.in
  • 🇮🇳 +91 85850 04344
  • 🇸🇬 +65 9376 1563
GlobeTek Infioway - Managed Internet Solutions in India | HSIA gateway, Hotspot Gateway
Talk to sales
GlobeTek Infioway - Managed Internet Solutions in India | HSIA gateway, Hotspot Gateway

Dynamic VLAN

What is Dynamic VLAN and How 24online Can Implement It with Cisco and Ruckus Access Points

Dynamic vlan

In modern enterprise and ISP networks, managing users on a static network can be inefficient and difficult to scale. Organizations need a smarter way to automatically assign users to the correct network segment based on their identity, device type, or authentication credentials. This is where Dynamic VLAN comes into play. By integrating authentication platforms like 24Online with networking infrastructure from Cisco and Ruckus Networks, service providers can automate VLAN assignment and significantly enhance network management and security.

What is Dynamic VLAN?

A Dynamic VLAN is a networking mechanism that automatically assigns users or devices to a specific VLAN after successful authentication. Instead of manually configuring VLANs on switch ports or access points, the VLAN assignment is controlled by an authentication server such as a RADIUS server.

When a user connects to the network, the authentication server verifies the credentials and instructs the network device (switch or access point) to place that user into a specific VLAN.

Key Benefits

  1. Automated Network Segmentation – Users are automatically placed into the correct VLAN.

  2. Improved Security – Unauthorized users cannot access restricted networks.

  3. Simplified Network Management – Administrators do not need to configure VLANs manually for each port.

  4. Scalability – Ideal for large Wi-Fi deployments such as campuses, hotels, and ISPs.

Role of 24online in Dynamic VLAN

24online acts as an AAA (Authentication, Authorization, and Accounting) platform and includes a built-in RADIUS server.

In a Dynamic VLAN environment, 24online performs the following functions:

  • Authenticates users (via captive portal, username/password, voucher, etc.)

  • Sends VLAN attributes to the network device through RADIUS

  • Tracks user sessions and bandwidth usage

  • Applies policies such as bandwidth limits or access restrictions

Dynamic VLAN Architecture

Typical components involved in the setup include:

  1. User Device (Laptop / Mobile)

  2. Access Point – from Ruckus Networks

  3. Network Switch / Controller – from Cisco

  4. Authentication Server – 24online

  5. Core Network / Internet Gateway

Basic Workflow

  1. User connects to WiFi through a Ruckus Access Point.

  2. The AP forwards the authentication request to 24online via RADIUS.

  3. 24online verifies the user credentials.

  4. 24online sends a VLAN ID attribute in the RADIUS response.

  5. The AP or switch dynamically assigns the user to the specified VLAN.

  6. The user receives an IP address from the DHCP server of that VLAN.

VLAN Assignment Through RADIUS

During authentication, 24online sends VLAN information using RADIUS attributes such as:

  • Tunnel-Type = VLAN

  • Tunnel-Medium-Type = IEEE-802

  • Tunnel-Private-Group-ID = VLAN ID

For example:

User TypeVLAN IDAccess
Staff10Internal Network
Students20Restricted Internet
Guests30Internet Only

This ensures each category of users is automatically isolated within the network.

Implementation with Cisco and Ruckus

Step 1: Configure VLANs on Cisco Switch

On the Cisco switch, create the required VLANs.

Example:

  • VLAN 10 – Staff

  • VLAN 20 – Students

  • VLAN 30 – Guest

Ensure trunk ports allow these VLANs to pass between switches and access points.

Step 2: Configure Ruckus Access Points

On Ruckus Networks access points:

  • Configure SSID authentication via RADIUS

  • Point the RADIUS server to the 24online server IP

  • Enable dynamic VLAN assignment

  • Allow VLAN tagging from RADIUS responses

Step 3: Configure RADIUS in 24online

In 24online:

  1. Add Cisco switches and Ruckus APs as NAS devices.

  2. Configure RADIUS authentication.

  3. Create user profiles mapped to VLAN IDs.

  4. Assign VLAN attributes in the RADIUS reply.

Example:

ProfileVLAN ID
Corporate Users10
Students20
Guests30
Step 4: DHCP Configuration

Each VLAN should have its own DHCP scope so that when users join a VLAN dynamically, they receive the correct IP address range.

Example:

VLANDHCP Range
10192.168.10.0/24
20192.168.20.0/24
30192.168.30.0/24

Use Cases

Dynamic VLAN deployment using 24online is widely used in:

  • Universities and campuses

  • Hotels and hospitality WiFi

  • ISP hotspot networks

  • Corporate guest networks

  • Multi-tenant buildings

Conclusion

Dynamic VLAN is a powerful network segmentation technique that improves security, scalability, and management efficiency. By integrating 24Online with infrastructure from Cisco and Ruckus Networks, organizations can automate VLAN assignment based on user authentication.

This approach enables seamless user onboarding while ensuring that each user or device is placed into the appropriate network segment without manual configuration. As networks continue to grow in size and complexity, dynamic VLAN solutions like this are becoming an essential part of modern network architecture.

 

Have questions or want to see the 24Online AAA Server in action?
Get in touch with us today to schedule a demo.

📧 Email: sales@24onlinetech.com
📞 Call: +91 85850 04344

 

Follow us on Facebook, LinkedIn and YouTube to stay updated on the latest technological innovations in the telecom industry.

 

Contact us for free consultation for your ISP Requirement

GlobeTek Infioway - Managed Internet Solutions in India | HSIA gateway, Hotspot Gateway
Contact Support