Currently when client associates, Cisco wireless controller uses “management” interface/vlan as a source and NAS IP Address while sending Radius request or any other Radius Packet to AAA server for authenticating client (accounting packet as well).
With this feature Cisco wireless controller will use the interface as a source and NAS IP address which belongs to client’s subnet.
Cisco wireless controller “management” interface IP Address is 192.168.10.10 and Dynamic interface IP address is 192.168.20.10.
Wlan or AP-Group mapped with Dynamic interface (192.168.20.10).
Client associates and gets IP address from Dynamic interface vlan.
WLC knows that client will get from which vlan so while authenticating and accounting WLC uses source and NAS IP address as Dynamic interface here in our case it will be 192.168.20.10.
When AAA override is enabled and client gets vlan or interface from AAA server, WLC will use the interface as source and NAS which is mapped with wlan or AP-group. After session timeout, WLC will use appropriate interface which is returned by AAA server.
This feature only supported if client gets IP Address from Central site e.g. local mode AP, Flexconnect with central-switching and local-switching with central-dhcp etc.
This feature can be enabled through CLI and GUI both.
(sp-wifi-wlc) show wlan sp-wlan||DTIM period for 802.11a radio.................... 1DTIM period for 802.11b radio.................... 1Radius ServersAuthentication................................ 126.96.36.199 1812Accounting.................................... 188.8.131.52 1813Interim Update............................. DisabledDynamic Interface............................. Enabled
There is no specific new command to debug. Old commands can be used
Debug client <client_mac_address>
Debug aaa all enable
Cisco SP Wi-Fi Services Overview
Our SP Wi-Fi Services portfolio is a comprehensive set of services representing a holistic approach to the total lifecycle of service provider Wi-Fi engagements. Starting with a proof of concept, it covers the end-to-end spectrum of planning, building, optimization, and operation services, each assured by Cisco service-level agreements (SLAs). These services are flexible and can be customized. • Cisco SP Wi-Fi Proof of Concept Service – Demonstration of a centralized management system, with zero-touch service fulfillment for rapid deployments of meshed access points, using a cloud-based architecture hosted in a Cisco data center • Cisco SP Wi-Fi RF Plan and Build Service – Professional services from Cisco and our Wi-Fi specialized partners – Help in planning and deploying the RF components of the Cisco SP Wi-Fi solution – Analysis of architectural readiness, with guidance on selecting and prioritizing locations for Wi-Fi – RF expertise to obtain the most from your wireless access points – Coverage and capacity planning – Post-deployment RF analysis assistance to promote deployment success • Cisco SP Wi-Fi Core Plan and Build Service – Professional services from Cisco and our Wi-Fi specialized partners – Help planning and deploying the core components of the Cisco SP Wi-Fi solution – Analysis of architectural readiness and assistance with the SP Wi-Fi deployment design – Start-to-finish deployment assistance, including a mobile subscriber policy enforcement system – Pre-deployment validation to help ensure deployment success – Post-deployment knowledge transfers to help ensure your understanding of the solution • Cisco SP Wi-Fi Solution Support Service (Reactive) – Expert assistance to streamline operation of the Wi-Fi architecture – Quick isolation and remediation of unplanned service disruptions – Tracking and identification of the root cause of disruptive incidents, which provides valuable information for design changes and to help you scale with mobile subscriber growth • Cisco SP Wi-Fi Optimization Services (Proactive) – Expert analysis and recommendations for transforming your Wi-Fi architecture into a high-performing, efficient environment – Help creating a strategy for managing all the critical components of the Cisco SP Wi-Fi architecture using a suite of Cisco hosted network management applications – Availability and performance optimization expertise to validate your planned design changes – Collaboration in developing a strategy for managing software releases and changes – Continuous learning activities that help your IT staff become more self-sufficient • Cisco SP Wi-Fi Assurance Service (Preemptive) – Extension of the measurement and analytical capabilities provided by your Cisco SP Wi-Fi architecture – Real-time monitoring of various key performance indicators (KPIs) from Cisco network operations center – Comprehensive analytics using fault, capacity, availability, and performance information to help ensure reliable operations • Cisco SP Wi-Fi Operate Service (End-to-End Platform Management) – Monitoring of the managed devices in the your environment to help ensure access points and controllers are properly activated and provisioned – Management of incident and problem resolution – Identification of operational trends to continually improve performance
For more information on Service Provider Wi-Fi supported features:
Rogue auto-containment may have legal consequences, so it should be clear whether or not you are enabling it.I think Mobility Express is not clear about auto-containment. I just found the "Rogue Policies" option in the Best Practices menu. This option set...
Hi, I have a Cisco 5508 WLC (8.3.150 release) with 25 WLAN SSID configured and 352 Acess Point. In particular there is a WLAN SSID configured as Layer 2 Security as 802.1x (WEP). These 352 Access Point are installed in more location and each locatio...
I am running cisco prime version 2.2.How can i add Lightweight AP?I see that switches and WLAN controllers are added, but the AP's /Radio is not showing up. But when i punch in the ip address of an AP, prime finds it but says device Unknown.Please se...
Good Day Cisco Gurus I currently have two 2500 series Controllers that re set up as an HA pair, I have two wireless networks configured. Guest: the guest is currently configured to allow access to the domain resources, I inherited these controll...