Dynamic VLAN Assignment + NPS

Evan Wheatley
Level 1

Hello,

I'm planning a deployment with the following:

5508 WLC running 7.0.222.0

NCS 1.0.2.29

50+ 3502i APs

Windows 2008 R2 running NPS

EAP-TLS for authentication

The end goal is to have a single SSID and utilize NPS to dynamically assign VLANs depending on role/group.

I've read several documents that use ACS to complete the dynamic VLAN assignment (including http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml), however in this case ACS is not available.

My question basically is: do I need ACS to apply the VSA for Cisco Airespace, or can this be done solely with the following IETF attributes using Microsoft NPS and AAA override on the WLC?

[64] Tunnel-Type

[65] Tunnel-Medium-Type

[81] Tunnel-Pvt-Group-ID

Any advice would be greatly appreciated!

Thanks

Accepted Solution

Stephen Rodriguez
Cisco Employee

You don't need to use the Airespace VSA, the IEEE standard 64/65/81 will work.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

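As an added example (not code from the thread, from Cisco or from Microsoft), here is how the three IETF attributes in the question are laid out on the wire per RFC 2868, and how a NAS decides whether what came back in the Access-Accept is a usable VLAN assignment. The numeric values are the IANA-registered ones: Tunnel-Type 13 (VLAN) and Tunnel-Medium-Type 6 (IEEE-802), which is what NPS labels "VLAN" and "802" in its attribute picker. The function names, the tag handling and the rule that the group ID must be a numeric VLAN ID in 1..4094 are choices of this example; the WLC's own parser may differ.

```python
"""RFC 2868 tunnel attributes for dynamic VLAN assignment: what a RADIUS server
such as NPS puts in the Access-Accept, and how a NAS decides whether those
bytes are a usable VLAN assignment.  Constructed example; not code from the
thread, from Cisco or from Microsoft."""
import struct

# IETF RADIUS attribute types (RFC 2868) -- the [64]/[65]/[81] in the question
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81

TUNNEL_TYPE_VLAN = 13       # the "VLAN" choice in the NPS attribute picker
TUNNEL_MEDIUM_IEEE_802 = 6  # the "802" choice in the NPS attribute picker


def _attr(atype: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (includes the 2-byte header), Value."""
    return struct.pack("!BB", atype, 2 + len(value)) + value


def encode_vlan_attrs(vlan_id, tag: int = 0) -> bytes:
    """Attribute bytes placing the client in vlan_id.  tag is the RFC 2868 tag
    (0 = unused); NPS lets you set it per attribute, and it must be the same on
    all three attributes for a NAS to treat them as one assignment."""
    if not 0 <= tag <= 0x1F:
        raise ValueError("RFC 2868 tags are 0x00..0x1F")
    # Tunnel-Type / Tunnel-Medium-Type: 1-byte tag followed by a 3-byte integer.
    ttype = bytes([tag]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big")
    tmed = bytes([tag]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big")
    # Tunnel-Private-Group-ID: 1-byte tag followed by a string.  The tag byte is
    # always emitted here; a decoder must cope with servers that omit it when 0.
    gid = bytes([tag]) + str(vlan_id).encode("ascii")
    return (_attr(TUNNEL_TYPE, ttype)
            + _attr(TUNNEL_MEDIUM_TYPE, tmed)
            + _attr(TUNNEL_PRIVATE_GROUP_ID, gid))


def parse_attrs(data: bytes) -> list:
    """Split a run of RADIUS attributes into (type, value) pairs."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("malformed attribute length")
        out.append((atype, data[i + 2:i + alen]))
        i += alen
    return out


def _tagged_int(value: bytes):
    if len(value) != 4:
        raise ValueError("tagged integer attribute must be 4 bytes")
    return value[0], int.from_bytes(value[1:], "big")


def _tagged_str(value: bytes):
    # RFC 2868: a leading byte of 0x00..0x1F is a tag; anything larger is the
    # first character of the string.  "10" starts with 0x31, so it is unambiguous.
    if value and value[0] <= 0x1F:
        return value[0], value[1:]
    return 0, value


def vlan_from_accept(data: bytes):
    """VLAN ID a NAS should apply, or None.  Requires all three attributes under
    one tag, Tunnel-Type VLAN, Tunnel-Medium-Type IEEE-802, and a numeric group
    ID in 1..4094 (this example's rule; the WLC's own checks may differ)."""
    by_tag = {}
    for atype, value in parse_attrs(data):
        if atype == TUNNEL_TYPE:
            tag, v = _tagged_int(value)
            by_tag.setdefault(tag, {})["type"] = v
        elif atype == TUNNEL_MEDIUM_TYPE:
            tag, v = _tagged_int(value)
            by_tag.setdefault(tag, {})["medium"] = v
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            tag, v = _tagged_str(value)
            by_tag.setdefault(tag, {})["gid"] = v
    for tag in sorted(by_tag):
        t = by_tag[tag]
        if t.get("type") != TUNNEL_TYPE_VLAN or t.get("medium") != TUNNEL_MEDIUM_IEEE_802:
            continue
        gid = t.get("gid", b"").decode("ascii", "replace")
        if gid.isdigit() and 1 <= int(gid) <= 4094:
            return int(gid)
    return None
```

The tag byte is the part that trips up hand-built policies: RFC 2868 treats a leading byte of 0x00..0x1F in Tunnel-Private-Group-ID as a tag, so a VLAN number such as 10 decodes the same way whether or not the server sent the tag byte, but the tag on all three attributes has to match or the decoder above (like a NAS) treats them as unrelated. On the controller side the returned attributes are ignored unless AAA override is enabled on the WLAN (config wlan aaa-override enable <wlan-id> on the CLI, or the Allow AAA Override checkbox on the WLAN's Advanced tab); show wlan <wlan-id> reports the current setting.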

Just to follow up, I've successfully implemented this and the client is happy with the outcome of the project.

Thanks for your help Steve.

Hi,

I did exactly what you guys stated and it is still not working.

I have 3 VLANs in the WLC; do I configure 3 SSIDs or 1? I have multiple VLANs.

Please give me some screenshot of the WLC configuration.

Thanks

You only need to configure one SSID, and make sure you have AAA override enabled in the WLAN config.

If you are doing 802.1x and have the NPS configured to return those attributes, it should work.

HTH,
Steve

Thanks Steve for your quick response.

I did everything as per your recommendation and it still doesn't work.

Do you mind providing me remote assistance? Do you have Skype?

Or, if you prefer that I provide you a set of logs, tell me which one and I will do so.

SSID: TT

WLC IP: 172.20.252.70

NPS: 172.20.1.16

NPS rule config:
    Service-Type: NAS Prompt
    Tunnel-Type: VLAN
    Tunnel-Pvt-Group-ID: 10
    Tunnel-Medium-Type: 802

WLC log:

*radiusTransportThread: Sep 19 12:32:47.841: ****Enter processIncomingMessages: response code=2
*radiusTransportThread: Sep 19 12:32:47.841: ****Enter processRadiusResponse: response code=2
*radiusTransportThread: Sep 19 12:32:47.841: 8c:70:5a:1c:8e:20 Access-Accept received from RADIUS server 172.20.1.16 for mobile 8c:70:5a:1c:8e:20 receiveId = 4
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.841: 8c:70:5a:1c:8e:20 Processing Access-Accept for mobile 8c:70:5a:1c:8e:20
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.842: 8c:70:5a:1c:8e:20 Applying new AAA override for station 8c:70:5a:1c:8e:20
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.842: 8c:70:5a:1c:8e:20 Override values for station 8c:70:5a:1c:8e:20
source: 4, valid bits: 0x200
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.842: 8c:70:5a:1c:8e:20 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: 'dy-data-ksb1', aclName: ''
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.842: 8c:70:5a:1c:8e:20 Inserting new RADIUS override into chain for station 8c:70:5a:1c:8e:20
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Override values for station 8c:70:5a:1c:8e:20
source: 4, valid bits: 0x200
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: 'dy-data-ksb1', aclName: ''
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Applying override policy from source Override Summation:
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Override values for station 8c:70:5a:1c:8e:20
source: 256, valid bits: 0x200
qosLevel: -1, dscp: 0xffffffff, dot1pTag: 0xffffffff, sessionTimeout: -1
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Override values (cont..) dataAvgC: -1, rTAvgC: -1, dataBurstC: -1, rTimeBurstC: -1
vlanIfName: 'dy-data-ksb1', aclName: ''
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Setting re-auth timeout to 1800 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.844: 8c:70:5a:1c:8e:20 Station 8c:70:5a:1c:8e:20 setting dot1x reauth timeout = 1800
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.844: 8c:70:5a:1c:8e:20 Creating a PKC PMKID Cache entry for station 8c:70:5a:1c:8e:20 (RSN 2)
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.844: 8c:70:5a:1c:8e:20 Adding BSSID 00:1e:be:a7:bf:b6 to PMKID cache for station 8c:70:5a:1c:8e:20
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.844: New PMKID: (16)
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.844:      [0000] 80 36

Can you provide the output of:

show interface summary

HTH,
Steve

Hi

Thanks Steve for your quick response.

This is the output of show interface summary; I also give you the config of the WLAN:

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
ap-manager                       LAG  untagged 172.20.252.71   Static  Yes    No
dy-data-ksb1                     LAG  10       10.55.21.10     Dynamic No     No
dy-data-parc                     LAG  1        10.55.0.2       Dynamic No     No
dy-guest-ksb1                    LAG  50       10.55.22.10     Dynamic No     No
dy-itteam-ksb1                   LAG  30       10.55.20.10     Dynamic No     No
dy-voice-ksb1                    LAG  20       10.55.23.10     Dynamic No     No
management                       LAG  untagged 172.20.252.70   Static  No     No
service-port                     N/A  N/A      172.20.252.101  Static  No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No
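To turn the debug trace and the show interface summary output posted above into a repeatable check, here is an added example (my code, not from the thread or from Cisco) that parses both outputs and confirms the override interface is a dynamic interface carrying the same VLAN the NPS rule sent in Tunnel-Pvt-Group-ID. The two sample strings are excerpts copied from the posts above; the function names, regexes and failure messages are mine, and the check assumes the WLC maps the group ID to a dynamic interface by VLAN ID, which is how the thread's data lines up.

```python
"""Cross-check a WLC 'debug client' trace against 'show interface summary' to
confirm a RADIUS VLAN override landed on the intended dynamic interface.
Added example; the sample text is excerpted from the thread, the code is mine."""
import re

# Excerpt of the WLC debug output posted in the thread (constructed sample input).
DEBUG_EXCERPT = """\
*radiusTransportThread: Sep 19 12:32:47.841: 8c:70:5a:1c:8e:20 Access-Accept received from RADIUS server 172.20.1.16 for mobile 8c:70:5a:1c:8e:20 receiveId = 4
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.842: 8c:70:5a:1c:8e:20 Applying new AAA override for station 8c:70:5a:1c:8e:20
*Dot1x_NW_MsgTask_0: Sep 19 12:32:47.843: 8c:70:5a:1c:8e:20 Applying override policy from source Override Summation:
source: 256, valid bits: 0x200
vlanIfName: 'dy-data-ksb1', aclName: ''
"""

# 'show interface summary' as posted in the thread (constructed sample input).
INTERFACE_SUMMARY = """\
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
ap-manager                       LAG  untagged 172.20.252.71   Static  Yes    No
dy-data-ksb1                     LAG  10       10.55.21.10     Dynamic No     No
dy-data-parc                     LAG  1        10.55.0.2       Dynamic No     No
dy-guest-ksb1                    LAG  50       10.55.22.10     Dynamic No     No
dy-itteam-ksb1                   LAG  30       10.55.20.10     Dynamic No     No
dy-voice-ksb1                    LAG  20       10.55.23.10     Dynamic No     No
management                       LAG  untagged 172.20.252.70   Static  No     No
service-port                     N/A  N/A      172.20.252.101  Static  No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No
"""

ACCEPT_RE = re.compile(r"Access-Accept received from RADIUS server (\S+) for mobile (\S+)")
OVERRIDE_RE = re.compile(r"vlanIfName: '([^']*)', aclName: '([^']*)'")


def parse_debug(text: str) -> dict:
    """Pull the RADIUS server, client MAC and the final override interface/ACL
    out of a debug client trace."""
    result = {"server": None, "mac": None, "override_applied": False,
              "vlanIfName": None, "aclName": None}
    for line in text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            result["server"], result["mac"] = m.group(1), m.group(2)
        if "Applying new AAA override" in line:
            result["override_applied"] = True
        m = OVERRIDE_RE.search(line)
        if m:  # last match wins: the 'Override Summation' block is what gets applied
            result["vlanIfName"], result["aclName"] = m.group(1), m.group(2)
    return result


def parse_interface_summary(text: str) -> dict:
    """Map interface name -> {port, vlan, ip, type} from 'show interface summary'."""
    interfaces = {}
    for line in text.splitlines():
        cols = line.split()
        # data rows have exactly 7 columns; skip the header and the dashed rule
        if len(cols) != 7 or cols[0] == "Interface" or cols[0].startswith("-"):
            continue
        name, port, vlan, ip, itype = cols[:5]
        interfaces[name] = {"port": port, "vlan": vlan, "ip": ip, "type": itype}
    return interfaces


def check_vlan_override(requested_vlan: int, debug_text: str, summary_text: str) -> tuple:
    """Return (ok, reason).  ok is True only when the WLC applied an override onto a
    dynamic interface whose VLAN ID equals the Tunnel-Private-Group-ID the policy sent."""
    dbg = parse_debug(debug_text)
    if dbg["server"] is None:
        return False, "no Access-Accept in trace: authentication never succeeded"
    if not dbg["override_applied"] or not dbg["vlanIfName"]:
        return False, ("Access-Accept seen but no override applied: check 'Allow AAA "
                       "Override' on the WLAN and the attributes the policy returns")
    iface = parse_interface_summary(summary_text).get(dbg["vlanIfName"])
    if iface is None:
        return False, f"override names interface {dbg['vlanIfName']!r} that does not exist"
    if iface["type"] != "Dynamic":
        return False, f"{dbg['vlanIfName']} is a {iface['type']} interface, not a dynamic one"
    if iface["vlan"] != str(requested_vlan):
        return False, f"{dbg['vlanIfName']} is VLAN {iface['vlan']}, policy asked for {requested_vlan}"
    return True, (f"client {dbg['mac']} placed on {dbg['vlanIfName']} "
                  f"(VLAN {iface['vlan']}) by {dbg['server']}")


if __name__ == "__main__":
    print(check_vlan_override(10, DEBUG_EXCERPT, INTERFACE_SUMMARY))
```

For the thread's data the check passes: the controller accepted the Access-Accept from 172.20.1.16 and put the client on dy-data-ksb1, which is VLAN 10, the same value the NPS rule returns in Tunnel-Pvt-Group-ID. That means the RADIUS attributes and AAA override are doing their job on the WLC; if the client still has no connectivity after that, the remaining suspects sit outside this exchange, such as VLAN 10 not being carried on the controller's LAG trunk or no DHCP being reachable on that VLAN.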
