Hello All ,
While Configuring Dynamic VLAN assignment on WLC , is there any option like in wired 802.1X , that failed clients drop in a specified VLAN . Not able to find any such option in case of wireless ? If we want to put failed authenticated clients is a specified VLAN .
Thanks in anticipation.
I am not sure what you mean in the question.
If the SSID is setup for 802.1x authentication against a radius server then you would just have a rule that says if the client does not match any known Identity sources then place it in vlan "X". This way the wireless client will pass authentication and be placed in the VLAN you specified.
If the radius server does not have an identity source and you have told it to respond as a failed request then the WLC will see this as a failure and de-authenticate the client.
To answer your question, no you cannot have the WLC respond purely on its own to a failed 802.1x request and place the client in a different vlan, it has to come from the radius server.
Thanks ammahend ..
Surely this seems to be thing We were looking for . But what application is this ? We are using MS NPS ... Don't thing NPS has this sort of option ...
Its Cisco's Identity Services Engine (ISE), you can learn more here. it is available as an OVA for free for 90 days for 100 devices, if you want to try.