Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
873
Views
5
Helpful
4
Replies

NAC IB with wireless users

a7med_magdy
Level 1
Level 1

‎12-09-2010 11:35 AM - edited ‎02-21-2020 04:11 AM

I have a problem here guys, I will deploy cisco NAC with wireless users

My scenario is IB-VG , the access points are autonomous there is no WLC

the AP is connected to the switch on a trunk port and I have configured the AP

with different SSIDs each one with different vlan (s) on the NAC i have

configured the vlan mapping and the managed subnets but it doesn't work.

i wanna know where is the problem or is there anu configuration example to configure \

autonomous AP in In-Band virtual gateway mode

0 Helpful
4 Replies 4

Tiago Antunes
Cisco Employee
Cisco Employee

‎12-09-2010 01:18 PM

Hi,

Can you please be more specific about what does not work?

What were you expecting to see and what are you seeing?

Do the wireless users get IP address?

If, yes, are they getting the IP you would expect?

After getting IP address, if you open a web browser dod you get redirected to the NAC login page?

If yes, do you enter the credentials and fail autentication?

Please note that you will need to make sure that the VLAN on the clients is allowed on the untrusted interface of the CAS, and that the VLAN mapping maps this VLAN to a vlan where a DHCP server can be reachable.

Also, please make sure that the traffic on the VLAn configured on the SSID has the only path as the path going through the CAS.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

a7med_magdy
Level 1
Level 1
In response to Tiago Antunes

‎12-12-2010 01:57 AM

Hi Tiago,

thank for your reply. I have configured the AP port on the switch as trunk then I have created

SSID with vlan 31 (Auth vlan) . then I added the vlan mapping and the managed subnet to the

CAS and the auth vlan vlan is allowed on the untrusted interface of the CAS and vlan 30 (access

vlan )to vlan 31 is added to the trusted side but users can't get an IP address . I tried to add the

MAC/IP of the AP to the filter list as allowed and still users can't get an IP address.

any advice

0 Helpful

a7med_magdy
Level 1
Level 1
In response to a7med_magdy

‎12-12-2010 02:05 AM

one more thing Tiago , I don't know if it matters the management IP of the AP

is on the trusted side.

0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to a7med_magdy

‎12-12-2010 11:57 AM

Ok,

we would need to check the switch, ap and NAC configuration to be able to say what is missing/wrong...

You can upload the config here or open a SR and it makes things easier.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card