Viten Patelis is a Wireless Expert working in Cisco TAC. In this Video, Viten has shown How to do the Flexconnect Vlan Override Local Switching Clients configuration on Wireless LAN Controller (WLC) and Cisco Secure Access Control Server (ACS).
In the current FlexConnect architecture, there is a strict mapping of WLAN to VLAN, and thus the client getting associated on a particular WLAN on FlexConnect AP has to abide by a VLAN which is mapped to it. This method has limitations, because it requires clients to associate with different SSIDs in order to inherit different VLAN-based policies.
From 7.2 release onwards, AAA override of VLAN on individual WLAN configured for local switching is supported. In order to have dynamic VLAN assignment, AP would have the interfaces for the VLAN pre-created based on a configuration using existing WLAN-VLAN Mapping for individual FlexConnect AP or using ACL-VLAN mapping on a FlexConnect group. The WLC is used to pre-create the sub-interfaces at the AP.
AAA VLAN override is supported from release 7.2 for WLANs configured for local switching in central and local authentication mode.
AAA override should be enabled on WLAN configured for local switching.
The FlexConnect AP should have VLAN pre-created from WLC for dynamic VLAN assignment.
If VLANs returned by AAA override are not present on AP client, they will get an IP from the default VLAN interface of the AP
Cisco Airespace-specific attributes will not be supported and IETF attribute VLAN ID will only be supported.
A maximum of 16 VLANs can be configured in per-AP configuration either via WLAN-VLAN Mapping for individual FlexConnect AP or using ACL-VLAN mapping on the FlexConnect group.
I have a new C9800-L-F-K9 configured for Webauth via ISE 2.4. I can authenticate as the ISE login page is displayed and I input my creds. ISE shows client authenticated, but on 9800 client still shown in Web Auth Pending state and post login page fails to...
Hi ..configured CIMC Port on WLC 5520.set admin password on cli(WLC5520) >imm username admin password test123 test123(WLC5520) >imm summaryThis will take some time...Please be patient!User ID.......................................... adminDHCP.........
Hi Folks, I know this has been answered but seems to be a good few years now. I also can't find any supporting documentation to say otherwise. IntraWLC Roaming on FlexConnect SSID. If you roam between APs that have different VLANs configured for...
Hello.We are running several sites with 8540 WLC and a mix of legacy and up to date AP'sCurrently we run 22.214.171.124 AireOS on all WLC's but we have had issues, especially with the 2800 ap's and false radar detection.According to the release notes we should...
Hi Folks,In my home LAB, I have as main router an old Cisco 881W. It have been working well on the "standard" configuration. My ASDL gets connected in the FE4, and the router shares the internet with the Internal devices using wired and wireless...