Trustsec on wireless

Odd Kare Aunan · ‎03-15-2019

Hello,

I'm implementing trustsec on my wireless network.

I am getting the setup to work on 3800 AP's. The client is tagged with the correct SGT tags, and the trafick is permitted/denied as intended.

However, on the same controller, with the same clients, when I connect the clients to a 3700 AP, I don't get the segemtation to work.

I can see on both the WLC and the AP, that the clients is getting the correct SGT tag, but it still hits the default Permit_All ACL.

So, to sumarize:

8540 with 3800 AP works like a charm.

8540 with 3700 AP doesn't seem to work.

AP's are in local mode, not flex connect.

SW version on the WLC: 8.5.135.0. (Have also tested with upgrading to 8.5.140.0, and 8.7.106.0, still same problem)

Has anyone else experienced this issue?

Regards

Odd K.

Haydn Andrews · ‎03-15-2019

I'm going to suggest that its a bug. Have you logged a support ticket?

APs in the same AP group?

Take a look at this bug sounds very similar:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg62508

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

Odd Kare Aunan · ‎03-18-2019

Hello, thank you for your answer.

I suspect it is a bug as well, I made a support ticket today, so we'll see what Cisco TAC finds out.
Yes, they are in the same AP group.
That bug seems similar, except that my AP's is in local mode, not flex connect. Still interresting tho.