Step 1. Integration of ACS in the Domain, and choose the groups that will be using
Step 2: Add the access-point as a network access-device, and define radius shared secret (which, obviously, has to be the same as the one defined in your AP configuraiton).
Note: In this case we have set the AP device type to autonomous_AP, as we will be using this criteria in the service selection (see below).
Step 3: After that, we need to create an authorization profile that will assign VLAN 91:
Step 4: Now, I have to create an access service with my AD as identity source, and with an authorization rules that will apply the profile I created in the previous step for all users belonging to the AD Group Corp2.
Note: To see the AD1:ExternalGroups condition field, you need to click on customize First.
Note2: Make sure that default rule is Permit Access, or any other authorization profile that will allow access.
Step 5: The next and final step for ACS configuration is to direct all Radius request coming from my AP to my Access Service:
We can check that everything is fine using show dot11 assoc all: This is when I log with bastien:
ap#sh dot11 associations all-client
Address : 0011.95ca.e82d Name : NONE
IP Address : 192.168.90.61 Interface : Dot11Radio 0
Hi All,I have SD-Access fabric network with DNA Center. I have one main wireless network which is fabric as well and 802.1X authentication. I use 3500 series WLC and 1850 series APs. The problem is as shown below picture. I got constant timeouts in m...
Hi Guys,Is it possible to set up a port number for syslog on WLC 5520? On the switch we can set it up by issuing the command logging "host 192.168.100.100 transport udp port 5678", but so far I did not find it for WLC.