ISE Single SSID BYOD - Windows Endpoint user experience

We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Android, and Mac OS endpoints using single SSID, and native supplicant provisioning seems to work fine with these endpoints. We are having issues with Windows clients. On a Windows client, when the user selects the SSID, it prompts for userid/password, but the user never gets a pop-up for the server certificate. We are using a third-party public wildcard certificate on ISE for HTTP/EAP authentication. On ISE, we are getting: 12511 Unexpectedly received TLS alert message; treating as a rejection by the client.

12511
EAP
Unexpectedly received TLS alert message; treating as a rejection by the client
While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment.
Warn

Similar Messages

  • Radeon HD 6750M - Sudden drop windows 7 user experience index scores and performance in Battlefield 3

    Ok, I have a strange problem regarding the performance of my graphics card, Radeon HD 6750M, in my bootcamped Windows 7 and maybe in OSX. Here's what happened.
    Firstly I noticed this when going to load up Battlefield 3, which has been running fine on low settings since it first came out, but today I loaded the game as usual and when I started playing I noticed that the performance had completely bogged down to about 1 fps and had become unplayable, so I had a look at the video settings and they were all the same (set to the lowest possible), so I quit the game and restarted the game/machine a couple of times but no change, still completely unplayable for no apparent reason.
    So next I checked my Windows user experience index number and noticed that Windows had detected changes in my hardware, so I ran the test again. Previously my scores were:
    cpu: 7.5
    ram: 7.6
    graphics: 6.9
    gaming graphics: 6.9
    Hdd:5.9
    overall score 5.9
    The new test results came in and everything else had stayed the same, apart from the two relating to the graphics, which had somehow changed. The new results were:
    cpu:7.5
    ram:7.6
    graphics: 3.9
    gaming graphics: 5.7
    overall score
    I was completely confused how such a drop in performance could happen, as I have not changed any of the hardware. It is almost like the performance has halved relating to my GPU.
    I have tried reinstalling drivers but still no resolution.
    I was wondering if anyone else had had this problem, what the possible causes could be, and how I could fix this.
    my hardware is:
    MacBook Pro 17-inch, Early 2011
    Processor  2.3 GHz Intel Core i7
    Memory  8 GB 1333 MHz DDR3
    Graphics  AMD Radeon HD 6750M 1024 MB
    hdd: 750 GB

    Yeah, it's all very strange; in my opinion it must be something to do with the drivers. After I had realised that something had seriously changed with my hardware setup in the way Windows recognizes the graphics card, I tried reinstalling different versions of the drivers for the AMD Radeon HD 750M and one version gave me a small improvement of about 0.2 in the Windows user experience thing scale in the category that scores the graphics (can't remember which version the driver was, as it was a spur of the moment thing), so it could be a driver problem, but it was working fine using the preview drivers AMD provided on their web site before.
    I have also tried using the original disk that Boot Camp created during the install to re-install the original drivers (basically all the necessary drivers for Windows to recognise hardware in the MacBook Pro) and that never made any difference.
    This also happened before the Windows update that you wrote about, Cuziuzi (it was an optional update for the Windows 64-bit), because I installed this after Battlefield 3 had died on me, thinking it might resolve the problem.
    On a side note, Steam is refusing to launch games on OSX and I am in the process of re-downloading the game again to try and fix the issue (have only got L4D2).
    I am going to look into it tomorrow and try to figure out what the problem is and post some info about driver specifications and some more clarifying information.
    Hopefully my GPU is not in the process of dying on me after the constant heat bombardment it has to endure thanks to Apple's great design philosophy of visual aesthetics over functionality. Fingers crossed Battlefield has not fried it!
    Also cziuzi, what are your hardware specs?

  • ISE 1.3 Why are Windows endpoints defaulting to 802.1x machine authentication in wireless profile and not User or User&Computer

    We are running ISE 1.3 tied to AD with WLC 7.6.130.0. Our ISE has a GoDaddy (non-wildcard) certificate loaded for https and EAP. We are just running PEAP. We have a mix of iOS, Android, and Windows 7/8 devices. iOS and Android devices can self create a wireless profile and after entering credentials can connect without issue. Our Windows 7/8 devices, when auto creating a wireless profile, are selecting 802.1x machine authentication instead of User authentication or the best option, which is machine or user authentication. This is problematic as we do allow for machine authentication but have an authorization rule limiting machine auth to domain controller and ISE connectivity only. This is to allow domain Windows 7/8 devices to have domain connectivity prior to user sign-in but force user auth to get true network connectivity. The problem is why are the Windows devices not auto setting to user authentication (as I think they did when we ran ISE 1.2), or the best option, which is to allow both types of authentication? I have limited authentication protocols to just EAP CHAP and moved the machine auth profile to the bottom of the list. Neither has helped. I also notice that the Windows 7/8 endpoints have to say allow connectivity several times even though we are using a global and should-be-trusted certificate authority (probably a separate issue).
    Thank you for any help or ideas,

    When connecting a windows device to the ISE enabled SSID when there is not a saved wireless profile on that machine, it will connect and auto create the profile.  In that profile, 802.1x computer authentication option is chosen by windows.  That has to be changed to computer or user for the machine to function correctly on the network.
    On 1.2, this behavior was different.  The Windows device would auto select user authentication by default.  At other customer sites, windows devices auto select user authentication.  This of course needs  to be changed to user or computer in order to support machine auth, but at least the default behavior of user authentication would allow machines to get on the network and functional easily to begin with.

  • Cisco ISE 1.1.1 - Single SSID

    I'm working on our ISE implementation and these are my two goals.
    1.  Single SSID for BYOD users and corporate managed systems.
    Login to the NAC agent if not part of the domain (EX: windows laptop not part of the domain joins the SSID, goes through the self service portal, downloads NAC agent, must login to NAC agent whenever joining network with AD credentials)
    AD login required to join this SSID, no guests allowed
    2.  Guest SSID
    Guest login only - requires sponsor
    web agent required for windows machine
    AV required
    Current AV definitions required
    Are these goals attainable or am I better to go in a different direction is my first question.
    Second, using the Cisco BYOD Smart Solution Guide (link at bottom of post) it mentions the single SSID as not being a complicated component but it only runs through the dual SSID solution, what settings are needed for a single SSID? I'm using Open + MAC Filtering but when the supplicant attempts to connect it doesn't work because it's looking for a WPA2 network with the same SSID name.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html
    Single SSID is specifically mentioned here:
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byoddg.html#wp504735

    David,
    What the documentation did was that it created a condition which does the check for the ssid in the access-request:
    Guest_Authz is a user-defined simple authorization condition for guests  accessing the Internet via Web authentication through the WLAN  corresponding to the open guest SSID. It matches the following RADIUS AV  pair from the Airespace dictionary:
         Airespace-Wlan-Id - [1] EQUALS 1
    So that when the user connects to the network they are connecting through the guest ssid in which this has the wlan id of 1. Either you can do that in your authorization rule right in the screenshot or you can create this condition under the policy elements tab.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • ISE and Selfservice with single SSID

    Hi, i have:
    WLAN 2504 Controller with 7.2 Software
    ISE 1.1.2
    A single SSID with 802.1x Authentication
    Today the wireless users are authenticated against a Cisco ACS. I want to switch to the ISE and make use of the mydevices portal. I want to re-use my single SSID and don't want to make any provisioning.
    - The user connects to the single SSID
    - The user configures PEAP authentication on his device
    - The user authenticates to an LDAP directory with username and password
    - After successful authentication the user will be redirected to the mydevices portal
    - he logs in with his LDAP credentials
    - the MAC address of his current device is listed in the mydevices portal
    - user adds his device to the known devices list
    - manual reconnect to my SSID
    Is this possible with ISE? Is there a howto out there with exactly this scenario?
    Kind regards

    Hello Andreas,
    WLC 2504 supports CWA, CoA & dACL.
    This wireless controller also supports MAC filtering with RADIUS lookup. For WLCs that support version 7.2.103.0, there is support for session ID and COA with MAC filtering so it is more MAB-like. So it should fulfill your requirement and you can use single SSID.
    For more detailed help review “Universal WLC Configuration Guide” & “ISE 1.1.x Network Component Compatibility” at the following location:
    http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_11_universal_wlc_config.pdf
    http://www.cisco.com/en/US/partner/docs/security/ise/1.1.1/compatibility/ise_sdt.html
    Regards,
    Ashok

  • End-User Experience error running agent on windows server 2008 R2

    Hi,
    I have implemented the End-User Experience agent on a Windows 7 machine without issues, but we have now installed the SDM 7.30 agent and the SAP GUI 730 on a Windows Server 2008 R2 and configured the agent as an End-User Experience monitoring robot in Solution Manager.
    We have distributed one script without issues but the executions are failing with the message:
    "SAPGUI Compontent" could not be instantiated (sapfewse):605
    We have reviewed the notes below but without success:
    1261706 - Kill bits set for SAP GUI Scripting
    1092631 - Remote vulnerabilities in SAP GUI for Windows
    We are able to run the scripts in the server directly in the SAPGUI and even with the EemEditor.
    An SAP message has been open since last week, but maybe you can provide a faster response.
    Could you please help me.
    Kind Regards

    Have you followed installation procedure described in the following article: http://www.cisco.com/en/US/docs/security/ibf/setup_guide/ibf10_install.html ?
    You can find troubleshooting hints in the following article: http://www.cisco.com/en/US/docs/security/ibf/setup_guide/ibf10_troubleshooting.html
    I'd recommend installing CDA instead of the AD agent (nice GUI...) but you'll have to create a new (virtual) server for that: http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html

  • I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

    Hi team,
    I  have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
    I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!

    http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
    I want that, if someone connects to WLAN "MO-GUEST", the user is automatically redirected to http://10.229.3.99/login.html and, once authenticated by 10.229.3.99, he/she should be allowed to access anything as normal. [Actually I just want automatic URL redirection the first time for the user of WLAN "MO-GUEST".]
    waiting expert opinions.

  • Maintenance Window & User Experience setting

    Hello,
    We're having a lot of issues regulating our Windows Updates. Mind you, I consider myself novice to intermediate when it comes to SCCM, as I have been managing the SCCM software and update deployments for a year or so now at work.
    My question is the following:
    I have Software (Windows) Updates scheduled to be pushed to every workstation on the network on the First Monday morning of every month.
    All of them have an ASAP availability and installation Window so when comes 00:00:01 AM the patches are installed.
    My issue are the multiple reboots in case of update dependencies and or faulty update patches that won't go through until another reboot. Some time it could extend for days, so for the time being the reboots are not enforced.
    I would like to activate the reboots and from my understanding if a maintenance window is say set Monday 1AM to 6AM, all the updates with a deadline will be applied.
    Now I'm wondering two things: First, in the deployment properties in the "Write filter handling for Windows..." under the "User Experience" section there is a checkbox that states "Commit changes at deadline or during a maintenance window (requires restarts)". Does this mean that updates will be applied ASAP OR IF a maintenance window is defined it will overrule the deadline as soon as the deadline is over and apply the updates during the window and this has nothing to do with Business Hours set on the end-user client Software Center?
    Secondly, with ConfigMgr 2012 SP1 in "Assets and Compliance", when I right click the properties of a computer group to set the actual maintenance window there's a check box "Apply this schedule only to task sequences". I'm sure the answer is clear, but what exactly does it refer to, like imaging a computer through PXE boot... or?
    thanks!
    Eric

    UPDATE:
    I think I found the answer to my issue....
    In the deployment section under "Deadline Behaviour"
    "When the installation deadline is reached, allow the following activities
    to be performed outside of the maintenance window:"
                - Software updates installation
                - System restart (if necessary)
    Those options were checked...... so the reboot ensued anyhow. >;(
    thanks for all your help guys, much appreciated! 
    Eric

  • Need Adobe Flex User Experience Designers & Developers - SF BAY AREA

    The User Experience Designer will provide the necessary services requested by Business Partners for critical initiatives such as the National Agreement Implementation, Employee Portal Framework, KP Intranet and Clinical Library.  You will also provide services as requested to additional clients including projects such as web sites, Flex applications and application support.  This position will be based in Pleasanton, CA and will require travel to Oakland and other locations for projects, development and meetings.
    Essential Functions:
    Design, code, test, deploy, and maintain intranet sites and applications, working both independently and in team settings.
    Develop CSS standards and strategy across the intranet environment, encompassing portal framework.
    Scope new project work and create detailed project cost estimates, plans, and schedules.
    Assist staff in web site maintenance, design and development for existing sites and applications.
    Incorporate RIA elements when prudent.
    Design within existing brand standards, and test for cross-browser compatibility.
    Use knowledge of Section 508 accessibility compliance when applicable.
    Work with developers to integrate front-end code with back-end functionality, while maintaining code compliance and consistency.
    Help developers and development teams troubleshoot and fix UI problems.
    Develop resolutions, recommend solutions and build action plans as needed.
    Can independently perform, guide, assist or mentor others in web development and maintenance using industry best practices and specific internal procedures and standards in all phases of development, implementation, and post-implementation.
    Minimum Technical Skills Required:
    4 years experience Adobe Dreamweaver (CS4)
    4 years experience HTML/XHTML and CSS
    4 years experience Adobe Photoshop and Illustrator (CS4)
    1 year experience with JavaScript, AJAX, DOJO and SPRY
    3 years experience with Microsoft OS
    Skilled in Microsoft Office Productivity Tools
    Basic Qualifications:
    Bachelor's degree in Computer Science or equivalent skills and experience.
    5 years relevant work experience with solid hands-on experience in design and build activities.
    5 years experience in estimating, planning and coordinating multiple projects.
    Experience delivering on enterprise level projects in large companies; familiar with a variety of back-end middleware and endpoint tools.
    Exhibits excellent attention to detail and diligently follows through to resolve issues.
    Consistently demonstrates flexibility, organization and prioritization of tasks.
    Experience working collaboratively with non-technical users.
    Good communication skills both verbal and written form.
    Ability to work independently with minimal guidance and as a member of a team.
    Knowledge and understanding of Intranet, Web development best practices, usability and current code standards.
    Preferred Qualifications:
    Experience with Adobe Flex, IBM WebSphere, RAD 6 or 7, Adobe Flash and/or RIA
    Experience with TeamSite Content Management
    Experience with Web Standards and usability testing
    ***CANDIDATES SHOULD BE LOCAL TO THE SF BAY AREA***  Please contact me here or call 925.924.6359.

    people complaining about problems installing an office over another office are (dare i say it) stupid. it makes absolutely no sense installing one over the trial version. just uninstall the trial and you'll be fine. every single time.
    as for problems with uninstalling mcafee (or any other antivirus, for that matter), just download the uninstaller from the software company, e.g. http://service.mcafee.com/FAQDocument.aspx?id=TS100507 for mcafee.
    that said i believe you get to choose if you want mcafee and/or office when you go through the initial boot, the "on-screen instructions"
    you can slow down the odd via power manager
    and thanks for the tips on changing the reg to have the user profiles somewhere else!
    T400s - 2815RW1 + Win7 Ultimate
    Don't pm me for help! That's what the forum is for. Also, Google's nicer than me. Ask him.

  • Large Subnet for single SSID

    I am looking for a design guide to help me split up a large subnet for a Cisco Wireless network. We have a campus with a centralised WiSM and a single SSID. We are hoping to be able to keep the single SSID but split the subnet, as it is now quite large and we would like to reduce the broadcast domain to a manageable size. I have found a number which have different SSIDs but we would like to keep only 1 as it simplifies the user experience.

    Adding to Scott's post: if you are doing 802.1x you can use dynamic VLAN assignment to achieve the results as well.
    AAA returns attributes 64/65/81 to the WLC, to change the VLAN the user gets put into.  You do still need to create the dynamic interfaces on the WLC.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Installing Windows Server Essentials Experience in SBS 2011 Environment

    Scenario: I currently have an SBS 2011 environment with two sites. The business has rapidly grown since I first installed the SBS at the main site. I have setup a new office with a separate AD site. At secondary office I have a DC and a file server (all
    bound to the same domain as the SBS).
    My question is, can I setup the file server with Windows Server Essentials experience without it messing up the SBS schema? I know the WSEE is supported on an existing single domain environment but not sure if it will mess up anything on the SBS AD environment
    since we are using the builtin exchange.
    regards,
    LJAC

    Hi,
    My goal isn't to have an SBS server in one site and an Essentials server in the other. I have an SBS at the main site and a Windows Server 2012 R2 'Standard' in the other acting as a DC to the same domain as the SBS. My goal is to use the Anywhere Access feature
    at the site with the 2012 R2 server by installing the Essentials experience role. Both sites will be on the same domain and only users at the 2012 site will be using the Anywhere Access feature.
    Eventually I'll be migrating the SBS to 2012 R2 server and Exchange 2013 but thats way down the line.
    Thank you for your response!
    Ljac

  • Multiple Passphrases for a Single SSID ?

    We are getting ready to deploy a special SSID for handheld devices to be used on.
    Is there any way to have multiple passphrases for a single SSID? The reason I am looking at this is that we may have users who come into one of our offices and may not have gotten/received the email advising of the passphrase change. My hope would be that we could implement Passphrase A when we initially deploy the new SSID and then in, say, 3 months, change the password. We would like to leave Passphrase A active for about a week, which should be sufficient time for them to change it, and then we could delete Passphrase A, leaving only Passphrase B active. In WEP there was something like this but I don't see this as an option in WPA2. Unfortunately with some of the devices that I have looked at, WPA2 Enterprise isn't an option, so that is why I am looking at things from this perspective.
    Any suggestions would be appreciated.
    Ron

    Hello Ronald,
    No, you cannot have multiple passphrases or WPA-PresharedKeys for the same SSID.
    Thank you,
    Serge

  • A user experience for CP5(with 6 issues)

    Hi respected Adobe team,
    I am a CP5 user for 2months. After using CP5 for a part of time, I got some user experience to share with you.
    1. I published a CP project as a .swf with 1280*1024. When I watched this .swf as other dimension (except 1280*1024),some mess line will appear  in the video.
    The video with mess line:
    The correct video:
    2. I think CP5 can publish CP project as a .flv, but I don’t know how to? In this window I don’t know how to add a server to publish .flv file. .flv file is very useful for me, so could you help me?
    3. Why .f4v file’s dimension need less than 1024*768? If I had a 1280*1024 CP project and I wanted to publish it as a .f4v file, I have to compress this project. As the result of compress is mess lines appear in the video.
    4. When I published a CP project as a .swf, sometimes this sentence appear (your computer does not have sufficient memory resource to publish your file).
    I had some information in this issue. This project was created in CP5. Whatever how long time I open this project, when I publish it this dialog will appear. In my opinion, if the CP project had a long time video (much video information), the chances of this dialog’s appear will grow up. But if I change some setting maybe this dialog will not appear.
    In this setting the dialog appeared:
    In this setting the dialog didn’t be appeared:
    5. When I import a .swf to Adobe Flash Catalyst CS5, the .swf can’t be displayed normally. And I tried to analyze a .swf(about 2 min long) by a tool, the result is the .swf just have 37 frames. The strangest point is more than 90% video content is in the 35th frame. Other 36 frames almost have nothing. I don’t know why.
    6. When I recording a long time video, CP cut the video as many slides automatically. Sometime it makes me a little uncomfortable.
    In this CP project, I recorded this video at a heat. But CP cut it automatically (become 18 slides).
    At last, I have an advice for CP. If we can modify the video part in every part, it will be great! Actually, I am a big fan for Adobe productions. So wish a better CP version (maybe CP 6?). Thank you!
    My msn:[email protected]
    Glad to make friends with you!

    Hi Nick,
    I'm sorry to note that you are facing these issues with Captivate 5. While many of the issues you've reported probably have a workaround (I've listed some follow-up actions below), one issue we've had difficulty reproducing is the 'out of memory' issue when you publish. Can we schedule a conference call with a Connect session to investigate this further? Please mail me at shamer at adobe dot com with details on the geo you are located in and some convenient time slots for the call.
    Regards,
    Shameer
    Adobe Captivate Team
    The other issues:
    >>
    1. I published a CP project as a .swf with 1280*1024. When I watched this .swf as other dimension (except 1280*1024),some mess line will appear  in the video.
    Can you check if this is an FMR swf (does the video camera icon appear on your Cp slides in the film strip/thumbnails)? In that case there will be some lines observed with resizing.
    2. I think CP5 can publish CP project as a .flv, but I don’t know how to? In this window I don’t know how to add a server to publish .flv file. .flv file is very useful for me, so could you help me?
    You cannot publish the Cp project as an FLV. You publish as an F4V file. You then have to manually upload this on to a streaming server (if that is what you are attempting).
    3. Why .f4v file’s dimension need less than 1024*768? If I had a 1280*1024 CP project and I wanted to publish it as a .f4v file, I have to compress this project. As the result of compress is mess lines appear in the video.
    This is a limitation from the way we use codecs for F4V. We are currently investigating this issue.
    6. When I recording a long time video, CP cut the video as many slides automatically. Sometime it makes me a little uncomfortable.
    In this CP project, I recorded this video at a heat. But CP cut it automatically (become 18 slides).
    We can look at this issue also in our connect session, but I believe your auto FMR might be getting triggered in some scenarios, hence the number of slides varies.

  • ISE 1.2 & AD & Meraki - Per User Group Policy ?

    I am working on a PoC for a deployment in an MDU. We are using Meraki switches and access points. There are 250 units in the building; each unit will have its own subnet. The goal is to have the tenant be able to connect to a common building SSID and be placed into their assigned VLAN. There will also be physical ports in each unit that will need to do the same. I am trying to figure out a way to use ISE to authorize on a per user basis and not based on groups of users. On the Meraki system there are group policies that will assign the VLAN for the user as well as any type of layer 7 firewalling and bandwidth control. So there will be 250 group policies, one for each unit. There is a deployment guide that shows how to set up ISE for use with Meraki and it is great, but it assumes that there will be large groups like Employees, Contractors, etc. that will be used. This is where I'm being tripped up. Also, this is my first swing at a NAC deployment so I have a lot to learn.
    1. Can I set up each user in Active Directory to have a tag that ISE can then forward on to Meraki for the group policy? Say it's unit 101 and I have a group policy called 101 in Meraki; Meraki documentation says to use the Airespace-ACL-Name attribute in ISE to indicate the group policy to use. This gives me the ability to place a group into that policy but not an individual. Or would this be better done by creating the users in ISE directly? Omit AD entirely?
    2. Each unit will have devices that will need MAB because they are not 802.1x compatible. I need to do the same as above with them. I would create a separate SSID for these devices but then use the MAC address to authenticate them but will need to authorize them to go into a specific group policy.
    I know this isn't a typical ISE application but I think that this will work really well in the end, just need to iron out these details and get a test system functioning. Any help would be greatly appreciated!!!
    Thanks,
    Nathan

    Please find the Meraki_ISE integration doc. in attachment.
    When VLAN tagging is configured per user, multiple users can be associated to the same SSID, but their traffic is tagged with different VLAN IDs. This configuration is achieved by authenticating wireless devices or users against a customer-premise RADIUS server, which can return RADIUS attributes that convey the VLAN ID that should be assigned to a particular user’s traffic.
    In order to perform per-user VLAN tagging, a RADIUS server must be used with one of the following settings:
    - MAC-based access control (no encryption)
    - WPA2-Enterprise with 802.1x authentication
    A per-user VLAN tag can be applied in 3 different ways:
    - The RADIUS server returns a Tunnel-Private-Group-ID attribute in the Access-Accept message, which specifies the VLAN ID that should be applied to the wireless user. This VLAN ID could override whatever may be configured in the MCC (which could be no VLAN tagging, or a per-SSID VLAN tag). To have this VLAN ID take effect, “RADIUS override” must be set to “RADIUS response can override VLAN tag” under the Configure tab on the Access Control page in the “VLAN setup” section.
    - The RADIUS server returns a group policy attribute (e.g., Filter-ID) in the Access-Accept message. The group policy attribute specifies a group policy that should be applied to the wireless user, overriding the policy configured on the SSID itself. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
    - On the Client Details page, a client can be manually assigned a group policy. If the group policy includes a VLAN ID, the group policy’s VLAN ID will be applied to the user.
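
The per-user VLAN attributes named in this answer (Tunnel-Private-Group-ID, Filter-ID) and in the "Large Subnet for single SSID" reply above (attributes 64/65/81) can be checked in a captured Access-Accept with a small decoder. This is an added example, not code from any of the posts or from Cisco or Meraki; the packets, VLAN IDs and policy name are constructed, and the Response Authenticator is zeroed and not verified.

```python
import struct

# Attribute numbers from RFC 2865 / RFC 2868; VLAN values from RFC 3580.
ACCESS_ACCEPT = 2
FILTER_ID = 11
TUNNEL_TYPE = 64              # must be 13 (VLAN)
TUNNEL_MEDIUM_TYPE = 65       # must be 6 (IEEE-802)
TUNNEL_PRIVATE_GROUP_ID = 81  # VLAN ID or name as a string
TYPE_VLAN = 13
MEDIUM_IEEE_802 = 6


def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def packet(code, attrs):
    """Build a constructed RADIUS packet (identifier 1, zeroed authenticator)."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


def parse(pkt):
    """Return (code, [(type, value), ...]); reject malformed lengths."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("length field does not match packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute overruns packet")
        attrs.append((a_type, pkt[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def vlan_assignment(pkt):
    """Report the VLAN and group policy an Access-Accept would assign."""
    code, attrs = parse(pkt)
    result = {"vlan": None, "group_policy": None, "problems": []}
    if code != ACCESS_ACCEPT:
        result["problems"].append("not an Access-Accept")
        return result
    tunnels = {}  # tunnel tag -> {"type", "medium", "group"}
    for a_type, value in attrs:
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:  # one tag byte plus a 3-byte integer
                result["problems"].append(f"attribute {a_type}: bad length")
                continue
            key = "type" if a_type == TUNNEL_TYPE else "medium"
            tunnels.setdefault(value[0], {})[key] = int.from_bytes(value[1:], "big")
        elif a_type == TUNNEL_PRIVATE_GROUP_ID:
            # RFC 2868: a first byte of 0x00-0x1F is a tag, otherwise it is text.
            tagged = bool(value) and value[0] <= 0x1F
            tag = value[0] if tagged else 0
            text = value[1:] if tagged else value
            tunnels.setdefault(tag, {})["group"] = text.decode("utf-8", "replace")
        elif a_type == FILTER_ID:
            result["group_policy"] = value.decode("utf-8", "replace")
    for tag in sorted(tunnels):
        t = tunnels[tag]
        if (t.get("type") == TYPE_VLAN and t.get("medium") == MEDIUM_IEEE_802
                and t.get("group")):
            result["vlan"] = t["group"]
            break
    else:
        if tunnels:
            result["problems"].append(
                "tunnel attributes 64/65/81 incomplete or not VLAN/IEEE-802")
    return result


# Constructed sample packets (not captured traffic).
GOOD = packet(ACCESS_ACCEPT, [attr(64, b"\x00\x00\x00\x0d"),
                              attr(65, b"\x00\x00\x00\x06"),
                              attr(81, b"101"), attr(11, b"unit-101")])
TAGGED = packet(ACCESS_ACCEPT, [attr(64, b"\x01\x00\x00\x0d"),
                                attr(65, b"\x01\x00\x00\x06"),
                                attr(81, b"\x01" + b"205")])
INCOMPLETE = packet(ACCESS_ACCEPT, [attr(81, b"101")])

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("tagged", TAGGED), ("incomplete", INCOMPLETE)):
        print(name, vlan_assignment(pkt))
```

An Access-Accept that carries attribute 81 without 64 and 65 is reported as incomplete rather than as a VLAN assignment, which is the case to look for when a client authenticates but stays in the SSID's default VLAN.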

  • [Forum FAQ] How to install and configure Windows Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely

    As we all know, the Windows Server Essentials Experience role is available in Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter. We can add the Windows Server Essentials Experience role in Server Manager or via Windows PowerShell.
    In this article, we introduce the steps to install and configure the Windows Server Essentials Experience role on Windows Server 2012 R2 Standard via PowerShell locally and remotely. For better analysis, we divide this article into two parts.
    Before installing the Windows Server Essentials Experience Role, please use the Get-WindowsFeature PowerShell cmdlet to ensure the Windows Server Essentials Experience (ServerEssentialsRole) is available. (Figure 1)
    Figure 1.
    Part 1: Install Windows Server Essentials Experience role locally
    1. Add Windows Server Essentials Experience role
    Run Windows PowerShell as administrator, then type the Add-WindowsFeature ServerEssentialsRole cmdlet to install the Windows Server Essentials Experience role. (Figure 2)
    Figure 2.
    Note: It is necessary to configure Windows Server Essentials Experience (Post-deployment Configuration). Otherwise, you will encounter the following issue when opening the Dashboard. (Figure 3)
    Figure 3.
    2. Configure Windows Server Essentials Experience role
    (1)  In an existing domain environment
    Firstly, please join the Windows Server 2012 R2 Standard computer to the existing domain through the path:
    Control Panel\System\Change Settings\”Change…”\Member of. (Figure 4)
    Figure 4.
    After that, please install the Windows Server Essentials Experience role as originally described. After the installation is completed, please use the following command to configure Windows Server Essentials:
    Start-WssConfigurationService -Credential <Your Credential>
    Note: The type of Your Credential should be as: Domain-Name\Domain-User-Account.
    You must be a member of the Enterprise Admin group and Domain Admin group in Active Directory when using the command above to configure Windows Server Essentials. (Figure 5)
    Figure 5.
    Next, you can type the password for the domain account. (Figure 6)
    Figure 6.
    After setting the credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 7)
    Figure 7.
    By the way, you can use the Get-WssConfigurationStatus PowerShell cmdlet to get the status of the configuration of Windows Server Essentials. Specify the ShowProgress parameter to view a progress indicator. (Figure 8)
    Figure 8.
    (2) In a non-domain environment
    Open PowerShell (Run as Administrator) on the Windows Server 2012 R2 Standard and type the following PowerShell cmdlets: (Figure 9)
    Start-WssConfigurationService -CompanyName "xxx" -DNSName "xxx" -NetBiosName "xxx" -ComputerName "xxx" -NewAdminCredential $cred
    Figure 9.
    After you type the commands above and click Enter, you can create a new administrator credential. (Figure 10)
    After creating the new administrator credential, please type “Y” to continue to configure Windows Server Essentials. (Figure 11)
    After a reboot, all the configurations will be completed and you can open the Windows Server Essentials Dashboard without any errors. (Figure 12)
    Figure 12.

    Part 2: Install and configure Windows Server Essentials Experience role remotely
    1. In an existing domain environment
    In an existing domain environment, please use the following command to provide the credential and then add the Server Essentials Role: (Figure 13)
    Add-WindowsFeature -Name ServerEssentialsRole -ComputerName xxx -Credential DomainName\DomainAccount
    Figure 13.
    After you enter the credential, it will start installing the Windows Server Essentials role on your computer. (Figure 14)
    Figure 14.
    After the installation completes, it will return the result as below:
    Figure 15.
    Next, please use the Enter-PSSession cmdlet and provide the correct credential to start an interactive session with a remote computer. You can use the commands below: (Figure 16)
    Enter-PSSession -ComputerName xxx -Credential DomainName\DomainAccount
    Figure 16.
    Then, please configure the Server Essentials Role via the Start-WssConfigurationService cmdlet; you also need to provide the correct credential. (Figure 17)
    Figure 17.
    After your credential is accepted, it will update and prepare your server. (Figure 18)
    Figure 18.
    After that, please type “Y” to continue to configure Windows Server Essentials. (Figure 19)
    Figure 19.
    2. In a non-domain environment
    In my test environment, I set up two computers running Windows Server 2012 R2 Standard and use Server1 as a target computer. The IP addresses for the two computers are as below:
    Server1: 192.168.1.54
    Server2: 192.168.1.53
    Run Enable-PSRemoting -Force on Server1. (Figure 20)
    Figure 20.
    Since there is no existing domain, it is necessary to add the target computer (Server1) to a TrustedHosts list (maintained by WinRM) on Server2. We can use the following command to add the TrustedHosts entry: (Figure 21)
    Set-Item WSMan:\localhost\Client\TrustedHosts IP-Address
    Figure 21.
    Next, we can use the Enter-PSSession cmdlet and provide the correct credential to start an interactive session with the remote computer. (Figure 22)
    Figure 22.
    After that, you can install Windows Server Essentials Experience Role remotely via Add-WindowsFeature ServerEssentialsRole cmdlet. (Figure 23)
    Figure 23.
    From figure 24, we can see that the installation is completed.
    Figure 24.
    Then you can use the Start-WssConfigurationService cmdlet to configure the Essentials Role and follow the steps in the first part (configure Windows Server Essentials Experience in a non-domain environment) as the steps would be the same.
    The figure below shows the status of Windows Server Essentials.
    Figure 25.
    Finally, we have successfully configured Windows Server Essentials on Server1. (Figure 26)
    Figure 26.
    More information:
    [Forum FAQ] Introduce Windows Powershell Remoting
    Windows Server Essentials Setup Cmdlets
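The non-domain remote install from Part 2, as an added example that is not part of the original FAQ post. A TrustedHosts entry tells the WinRM client to skip server authentication for that host, so this sketch adds only Server1's address with -Concatenate (a plain Set-Item replaces any existing list) and restores the previous value afterwards. It uses New-PSSession with Invoke-Command instead of the interactive Enter-PSSession; the variable names are assumptions, and the IP address is Server1 from the test environment above.

```powershell
# Added example: run from Server2 in an elevated PowerShell session.
# $target, $thPath and the other variable names are illustrative assumptions.
$target  = '192.168.1.54'    # Server1 in the FAQ's test environment
$thPath  = 'WSMan:\localhost\Client\TrustedHosts'
$session = $null

# Save the current TrustedHosts value so it can be restored at the end.
[string]$original = (Get-Item -Path $thPath).Value

try {
    # Append Server1 only if it is not already covered. '*' already matches
    # every host, so nothing is appended in that case.
    if ($original -ne '*' -and ($original -split ',') -notcontains $target) {
        Set-Item -Path $thPath -Value $target -Concatenate -Force
    }

    # Prompt for a local administrator account on Server1.
    $cred    = Get-Credential -Message "Administrator account on $target"
    $session = New-PSSession -ComputerName $target -Credential $cred -ErrorAction Stop

    # Install the role only if it is missing, then report its state.
    Invoke-Command -Session $session -ScriptBlock {
        $feature = Get-WindowsFeature -Name ServerEssentialsRole
        if (-not $feature.Installed) {
            Add-WindowsFeature -Name ServerEssentialsRole | Out-Null
        }
        Get-WindowsFeature -Name ServerEssentialsRole |
            Select-Object -Property Name, InstallState
    }
}
finally {
    if ($session) { Remove-PSSession -Session $session }
    # Put TrustedHosts back exactly as it was before this script ran.
    Set-Item -Path $thPath -Value $original -Force
}
```

The post-deployment configuration with Start-WssConfigurationService is left to the interactive steps in the FAQ, since it prompts for confirmation.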
