I know the topic is quite old. Unless I have this or a similar problem too. CT8540, 188.8.131.52 At CT5508 I never saw messages like this regardless of which software version I used. Created ACL Rules for the VLANs in Flexconnect Group but mapped the Office-WLAN to the Quarantine VLAN as I did at CT5508 with 8.0.x before, where it was functioning well. Created WLAN-VLAN-Mappings as I did before. But when I log in to the WLAN-AP I see no subinterface for the Office-VLAN. Reconfigured the AP to local an rebooted. Reconfigured to FlexConnect and rebooted. No changes at all. I still get these messages also after creating VLAN-Naming-Template. I get this message also for previously used Dyn-IF names not available at this controller. I get this message after creating a dummy WLAN-VLAN-Mapping for Office-VLAN-ID in order to force it's generation, what not has been done by ACL itself. I get this message unless the dynamic override and client association for the correct VLAN is working finally. I can see client mac-addresses in the office VLAN at the Flex-APs switchport. It makes me nervous and I cannot migrate all the office APs to the new controller in fear they all could'nt work well and I'll be flooded by user incidents possibly. --- Both APs work well. Users will be transferred to the correct VLAN after successfull User-Auth. But I get the message already: "[WARNING] apf_policy.c 4144: Could not apply interface override: source Override Summation, interface 'any not at this controller configured dynIF-name'"
"[WARNING] apf_policy.c 4016: Either Vlan Name id Template invalid or no name to id mapping exist for interface 'any at this controller configured dynIF-name'"
The names of the dynamic interfaces are not the same as in the VLAN-ID-Name-Mapping because I have several customers and reused VLAN-IDs with different, local VLAN-Names. I can apply a VLAN-ID only once. So far...
... View more
Hello! I don't really know, whether this issue has been asked before. I have to configure PEAP Authentication with ACS 4.2.1 for Windows against Active Directory. ACS ist Member of AD Domain xyz.domainname. The PC account is located in an OU of xyz.domainname. Hosts get via DHCP a hostname as dhcp.domainname. This also is the name the machine uses for AAA request. User authentication works fine, because the user account also is hosted in xyz.domainname. The host authentication fails, because dhcp.domainname is a DNS domain only but no Windows AD subdomain. Does anybody knows a solution for this special constellation? Is it possible to strip or rewrite the domain suffix in any way during the authentication process?
... View more