https://community.cisco.com/t5/wireless/wlc-5520-flexconnect-ap-with-eogre/m-p/5128968#M272576 <P>on a 5520 WLC v8.10.183</P> <P>We have been able to get a Flexconnect AP to build a EoGRE tunnel and put clients on it.<BR />We have also been able to get a Flexconnect AP to drop client onto a Local VLAN as well.</P> <P>We would like to configure one WLAN on the Flexconnect AP and place the client on the EoGRE tunnel or Local VLAN dynamically based on the return values from AAA/ISE.</P> <P>When we set the WLAN Profile &gt; Tunnel Profile to our EoGRE profile, all clients are placed on the EoGRE tunnel<BR />even though we return just the VLAN from the AAA server.</P> <P>When we set the WLAN Profile &gt; Tunnel Profile to none, all clients are placed on the local AP vlan<BR />even though we send these Cisco AV-Pairs from AAA/ISE</P> <P>gw-domain-name=abc123<BR />mn-service=ipv4<BR />cisco-mpc-protocol-interface=eogre<BR />Primary-Tgw-IP=1.1.1.1<BR />Secondary-Tgw-IP=2.2.2.2</P> <P>In the EoGRE tunneling guide under Flexconnect it states the following:</P> <UL class="ul"> <LI id="topic_58DDEFC8585F48EB93171526630E9FDB__li_34422787A5D248F3B2784E28058D68D7" class="li"> <P class="p">802.1x authenticated “simple” and “tunneled” EoGRE clients are supported on the same WLAN.</P> </LI> <LI id="topic_58DDEFC8585F48EB93171526630E9FDB__li_8473E05A685E441BB65BE5DC0ED26C1A" class="li"> <P class="p">Based on authentication, clients are separated into local or tunneled mode.</P> </LI> </UL> <P>Is what I am trying to deploy possible?&nbsp; &nbsp;Is there any guide to what AV-Pairs should be returned from ISE to make it happen?</P> <P>&nbsp;</P> Wed, 12 Jun 2024 12:00:50 GMT brian.holmes 2024-06-12T12:00:50Z https://community.cisco.com/t5/wireless/wlc-5520-flexconnect-ap-with-eogre/m-p/5128968#M272576 <P>on a 5520 WLC v8.10.183</P> <P>We have been able to get a Flexconnect AP to build a EoGRE tunnel and put clients on it.<BR />We have also been able to get a Flexconnect AP to drop client onto a Local VLAN as well.</P> <P>We would like to configure one WLAN on the Flexconnect AP and place the client on the EoGRE tunnel or Local VLAN dynamically based on the return values from AAA/ISE.</P> <P>When we set the WLAN Profile &gt; Tunnel Profile to our EoGRE profile, all clients are placed on the EoGRE tunnel<BR />even though we return just the VLAN from the AAA server.</P> <P>When we set the WLAN Profile &gt; Tunnel Profile to none, all clients are placed on the local AP vlan<BR />even though we send these Cisco AV-Pairs from AAA/ISE</P> <P>gw-domain-name=abc123<BR />mn-service=ipv4<BR />cisco-mpc-protocol-interface=eogre<BR />Primary-Tgw-IP=1.1.1.1<BR />Secondary-Tgw-IP=2.2.2.2</P> <P>In the EoGRE tunneling guide under Flexconnect it states the following:</P> <UL class="ul"> <LI id="topic_58DDEFC8585F48EB93171526630E9FDB__li_34422787A5D248F3B2784E28058D68D7" class="li"> <P class="p">802.1x authenticated “simple” and “tunneled” EoGRE clients are supported on the same WLAN.</P> </LI> <LI id="topic_58DDEFC8585F48EB93171526630E9FDB__li_8473E05A685E441BB65BE5DC0ED26C1A" class="li"> <P class="p">Based on authentication, clients are separated into local or tunneled mode.</P> </LI> </UL> <P>Is what I am trying to deploy possible?&nbsp; &nbsp;Is there any guide to what AV-Pairs should be returned from ISE to make it happen?</P> <P>&nbsp;</P> Wed, 12 Jun 2024 12:00:50 GMT https://community.cisco.com/t5/wireless/wlc-5520-flexconnect-ap-with-eogre/m-p/5128968#M272576 brian.holmes 2024-06-12T12:00:50Z https://community.cisco.com/t5/wireless/wlc-5520-flexconnect-ap-with-eogre/m-p/5132303#M272744 <P>Never tried to do this myself so don't know the answer but from trying to find the right AV-pairs for other previous issues I can confirm the documentation is poor to non-existent. Unless you have a known working setup you can do a packet capture on, it's just trial and error!<BR />TAC usually have no idea (unless you get very lucky and get an engineer who has personal experience with this). We've had trouble even getting 1st line TAC to understand the question (took weeks and numerous emails), never mind know the answer (don't know)!</P> <P>I'd say your best bet is to contact your account team SE (or whatever they call them these days) and they may be able to find somebody in wireless BU who could answer your question.</P> Mon, 17 Jun 2024 00:29:59 GMT https://community.cisco.com/t5/wireless/wlc-5520-flexconnect-ap-with-eogre/m-p/5132303#M272744 Rich R 2024-06-17T00:29:59Z