Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2138
Views
0
Helpful
6
Replies

AAA Overide and FexConnect with remote and local switching

Go to solution
fkeca
Level 1
Level 1

‎04-06-2012 03:46 AM - edited ‎07-03-2021 09:57 PM

Hello,

I am using an ACS 5 for authenticating my Wireless Client. I need to design one VLAN for Corporate computer and one for Tablet. I want to use only one SSID and i do the AAA Overide to select the correct vlan ( Tablet use PEAP and Computer TLS). But on remote site i need to used local switching for Corporate and Remote switching for Tablet.

This work fine on coprate site because we use remote switching but on remote site because i use local switching for the SSID all client are locally switched.

Somebody know hown can resolve that issue on FlexConnect.

Thank for feedback.

Frederic

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎04-06-2012 04:07 AM

I don't think that is supported on FlexConnect as of yet.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

View solution in original post

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to fkeca

‎04-06-2012 05:33 AM

You're trying to use one WLAN and have it do both central and local switching? Pretty sure that's not going to work. You would need two WLAN to get that to work. One that is left centrally switched and one that is local.

Out of curiosity what are you running that you have to centrally switch one of the devices?

Steve

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎04-06-2012 04:07 AM

I don't think that is supported on FlexConnect as of yet.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Skjalg Eggen
Level 1
Level 1
In response to Scott Fella

‎04-18-2012 12:37 PM

Where did you get this information?

The documentation tells us that it is supported:

The Allow AAA Override option of a WLAN enables you to configure the  WLAN for authentication. It enables you to apply VLAN tagging to  individual clients based on the returned RADIUS attribute from the AAA  server.

AAA overrides for FlexConnect access points introduce a dynamic VLAN  assignment for locally switched clients. AAA overrides for FlexConnect  also supports fast roaming (OKC/CCKM) of overridden clients.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1247954

Im configuring this tomorrow, will let you know how it goes

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎04-06-2012 05:02 AM

As of 7.2 you can configure AAA override with flexconnect. What you need ti do is per AP set the VLAN mappings for the VLANs that the AP can use. Then send the attribute down to the AP.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1232632

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
fkeca
Level 1
Level 1
In response to Stephen Rodriguez

‎04-06-2012 05:24 AM

This is what i have done. This don't work the radius Override is not taken. What i need is to have one vlan localy switched and the other centraly. The Vlan is provided by the ACS. And the result is always localy switched.

Thanks.

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to fkeca

‎04-06-2012 05:33 AM

You're trying to use one WLAN and have it do both central and local switching? Pretty sure that's not going to work. You would need two WLAN to get that to work. One that is left centrally switched and one that is local.

Out of curiosity what are you running that you have to centrally switch one of the devices?

Steve

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
fkeca
Level 1
Level 1
In response to Stephen Rodriguez

‎04-06-2012 05:46 AM

This is what i have understand. My need is network issue. We have a proxy with authentication and the IPAD cannot do transparent authentification like Corporate laptop. And if i centraly switch the IPD i can do an exlusion of the IP range for  to bypass authentication.

And i wanted to limit to one SSID. But i will do two SSID for each type of device.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card