Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Mist AI Wireless Juniper Mist Wireless Assurance Configuration Guide WLAN Guest Portal

Juniper Mist Wireless Assurance Configuration Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Mist Wireless Assurance Configuration Guide
Table of Contents Expand all
list Table of Contents

Automatic Client VLAN Assignments

date_range 03-Mar-25
arrow_backward
arrow_forward

You can set up the WLAN so that users are automatically connected to a given VLAN according to the username/password they enter. You do this by configuring dynamic VLANs in the Mist portal, in conjunction with a RADIUS server. For unknown clients, you can send them to the Guest Network. The RADIUS server should already be connected to you switch. Likewise, your access points (APs) should be connected to the switch, with the correct VLANs configured.

The following VLAN types are supported for dynamic VLANs: Airespace-Interface-Name and Tunnel-Private-Group-ID.

RADIUS Setup

Although the specific RADIUS-side configuration will vary by provider, in general the idea is to configure a shared secret for encrypting and signing client traffic, to allow inbound traffic from the clients IP addresses, and to have a users list that identifies the WLAN clients you want to segment, and their associated VLAN IDs.

Using FreeRADIUS server as an example, you would edit the following files: clients.conf and users.

Configure the network and a secret for client requests in clients.conf, like so:

content_copy zoom_out_map
#client WLAN-1 
{ 
# ipaddr= 192.0.2.0/24 
# secret= testing123-1 
#}

Configure the /etc/freeradius/user file with a list of WLAN users (including their user name, password, and VLAN association) like so:

content_copy zoom_out_map
user1 
Cleartext-Password := "password1" 
User-Name = user1, 
Tunnel-Type = VLAN, 
Tunnel-Medium-Type = IEEE-802, 
Tunnel-Private-Group-ID = 10 

user2 
Cleartext-Password := "password2" 
User-Name = user2, 
Tunnel-Type = VLAN, 
Tunnel-Medium-Type = IEEE-802, 
Tunnel-Private-Group-ID = 20 

user3 
Cleartext-Password := "password3" 
User-Name = user3, 
Tunnel-Type = VLAN, 
Tunnel-Medium-Type = IEEE-802, 
Tunnel-Private-Group-ID = 30

If you are using FreeRADIUS server and it is not returning tunnel attributes in the Access-Accept request, and/or if the user is not being assigned correct IP address (from the VLAN), then you may need to add a line to the /etc/freeradius/mods-available/eap.conf file:

use_tunneled_reply = yes

WLAN Setup

Figure 1: Dynamic VLAN is available with WPA3 and WPA2 Security Types Dynamic VLAN is available with WPA3 and WPA2 Security Types

As noted, you can set up your WLAN so when users log on to it, they are automatically connected to a selected VLAN. In the Mist portal, this is called Dynamic VLANs, and you can enable the feature as follows:

  1. In the Juniper Mist portal, click Organization > Wireless | WLAN Templates, and on the WLAN Templates page, click Add WLAN (or select from the list the WLAN you want to use).
  2. Give the SSID a name (or select in from the WLANs section of the template). Typically, the SSID name is the same as the name of the WLAN so that it's easy to find and remember.
  3. In the WLAN window, under the Security panel, select WPA3 or WPA2 for the Security Type and Enterprise (802.1X). This action also unlocks the Dynamic option in the VLAN section.
  4. In the Authentication Servers panel, select RADIUS.

    • Click Add Server and specify the IP address of your RADIUS server.

    • Add the shared secret that is already configured on your RADIUS server.

    • Click the check mark icon when done to post your changes (you still need to click Save in the upper right corner when finished with all the steps).

  5. In the VLAN panel, choose Dynamic and then specify the following, as appropriate:

    • Static VLAN ID(s)—You can specify static VLANs or VLAN pool IDs (requires AP firmware version 0.14.x or later). Alternatively, you can specify a variable or use both VLAN IDs and variables. Delimit multiple values with a comma, no space.

    • VLAN Type supports both Airespace-Interface-Name and Tunnel-Private-Group-ID RADIUS attributes. Note that VLAN Type works on a per-WLAN basis. In other words, you can't use two different types on the same SSID.

      • VLAN ID—(also called Standard) This is the Tunnel-Private-Group-ID. Specify the VLAN IDs as configured in your users file on your RADIUS server. If entering multiple VLAN IDs and/or ranges on the same line, delimit with a comma (CSV support is for Standard Tunnel-Private-Group-ID only).

      • Named— This is the Airespace-Interface-Name. Specify the interface names configured in your users file, and along side it, the corresponding VLAN ID you want to use.

  6. Fill out the rest of the configuration as needed.
  7. Click Save at the top of the screen when you are done.
arrow_backward PREVIOUS Compare WLAN Guest Portal Options
NEXT arrow_forward Add a Custom Guest Portal to a WLAN
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
Automatic Client VLAN Assignments
keyboard_arrow_right
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top

keyboard_arrow_down
file_download
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
language