cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1208
Views
5
Helpful
4
Replies

NAC IB with wireless users

a7med_magdy
Level 1
Level 1

I have a problem here guys, I will deploy cisco NAC with wireless users

My scenario is IB-VG , the access points are autonomous there is no WLC

the AP is connected to the switch on a trunk port and I have configured the AP

with different SSIDs each one with different vlan (s) on the NAC i have

configured the vlan mapping and the managed subnets but it doesn't work.

i wanna know where is the problem or is there anu configuration example to configure \

autonomous AP in In-Band virtual gateway mode

4 Replies 4

Tiago Antunes
Cisco Employee
Cisco Employee

Hi,

Can you please be more specific about what does not work?

What were you expecting to see and what are you seeing?

Do the wireless users get IP address?

If, yes, are they getting the IP you would expect?

After getting IP address, if you open a web browser dod you get redirected to the NAC login page?

If yes, do you enter the credentials and fail autentication?

Please note that you will need to make sure that the VLAN on the clients is allowed on the untrusted interface of the CAS, and that the VLAN mapping maps this VLAN to a vlan where a DHCP server can be reachable.

Also, please make sure that the traffic on the VLAn configured on the SSID has the only path as the path going through the CAS.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Hi Tiago,

thank for your reply. I have configured the AP port on the switch as trunk then I have created

SSID with vlan 31 (Auth vlan) . then I added the vlan mapping and the managed subnet to the

CAS and the auth vlan vlan is allowed on the untrusted interface of the CAS and vlan 30 (access

vlan )to vlan 31 is added to the trusted side but users can't get an IP address . I tried to add the

MAC/IP of the AP to the filter list as allowed and still users can't get an IP address.

any advice

one more thing Tiago , I don't know if it matters the management IP of the AP

is on the trusted side.

Ok,

we would need to check the switch, ap and NAC configuration to be able to say what is missing/wrong...

You can upload the config here or open a SR and it makes things easier.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Review Cisco Networking for a $25 gift card