cisco WLC 5508

w.janarthanan
Level 1

Hi Guys,

I have a Cisco WLC 5508 fixed at one of my remote head offices and 3 (AIR-CAP3502I-E-K9) APs at a remote branch office connected via FlexConnect mode (IPLC link). I have created a single SSID and added all three APs to it. What I want to know is this: I have 4 different subnets in my LAN (branch office), the authentication is done by the NPS server in the branch office, and there is also a DHCP server which leases IP addresses to the clients. How can I configure it to lease the IP address for the correct subnet/VLAN based on the AD membership of the user? Right now it leases IPs from the native VLAN which I have given on the WLC. If anyone can help me with this, it would be great.

BR

Jana

13 Replies

Stephen Rodriguez
Cisco Employee

You would need to be running 7.2 code to take advantage of this feature. With 7.2, you define what VLAN the FCAP has access to. Then from AAA return 64/65/81 attributes to set the VLAN.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html#wp1247954

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
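The reply above names RADIUS attributes 64/65/81 as the way to set the VLAN. The following is an added example, not code from the thread or from Cisco: it parses an Access-Accept and reports the VLAN only when the full triple is present and valid. The expected values (Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802) are taken from RFC 3580, and the packets and VLAN IDs are constructed for the example.

```python
import struct

TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PRIV_GROUP = 64, 65, 81
VLAN, IEEE_802 = 13, 6   # RFC 3580 values, not stated in the thread
ACCESS_ACCEPT = 2

def attr(attr_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_accept(attrs):
    """Constructed Access-Accept; the authenticator is zeroed, not a real MAC."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, 1, 20 + len(body), bytes(16)) + body

def parse_attrs(packet):
    """Walk the attribute list, rejecting truncated or overlong attributes."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos, out = 20, []
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        out.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return out

def vlan_override(packet):
    """Return the VLAN string only if the 64/65/81 triple is complete and valid."""
    seen = {}
    for attr_type, value in parse_attrs(packet):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM) and len(value) == 4:
            seen[attr_type] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
        elif attr_type == TUNNEL_PRIV_GROUP and value:
            # A first byte of 0x01..0x1F is a tag; otherwise it starts the string.
            text = value[1:] if 0 < value[0] <= 0x1F else value
            seen[attr_type] = text.decode("ascii", "replace")
    if seen.get(TUNNEL_TYPE) == VLAN and seen.get(TUNNEL_MEDIUM) == IEEE_802:
        return seen.get(TUNNEL_PRIV_GROUP) or None
    return None

# Constructed sample replies (VLAN IDs 20 and 30 are made up for the example).
GOOD = build_accept([attr(64, b"\x00\x00\x00\x0d"), attr(65, b"\x00\x00\x00\x06"),
                     attr(81, b"20")])
TAGGED = build_accept([attr(64, b"\x01\x00\x00\x0d"), attr(65, b"\x01\x00\x00\x06"),
                       attr(81, b"\x01" + b"30")])
NO_TYPE = build_accept([attr(81, b"20")])   # group ID alone: no override
```

Running `vlan_override` over a captured Access-Accept from the NPS server shows quickly whether a client landing in the native VLAN is caused by an incomplete attribute set rather than by the controller.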

Didn't know that was possible, but I guess in 7.2 :)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Yeah, 7.2 added AAA Override, and ACL for FlexConnect.

HTH,
Steve


I'm going to have to test that out to see how well it works :)

Thanks,

Scott Fella

Sent from my iPhone


Scott Fella
Hall of Fame

VLAN changing on FlexConnect APs is not supported. Only when an AP is in local mode can you force the WLC to change the VLAN.


Even when the WLC is in the local mode, how can you push the VLAN information when the user is in AD?

Thanks

NikhiL

Based on the group, and what attributes you return for the user. You can do forced VLAN assignment/AAA Override via an AAA server.

Steve

HTH,
Steve


Just like what Steve mentioned, you can send RADIUS attributes back to the WLC to make a VLAN change, QoS and even session timeout. Just need to make sure AAA override is enabled on the WLAN.

Thanks,

Scott Fella


I was wondering how to do it when the user is not there in ACS. With the Groups getting mapped to Authentication Profile, it is cool.

You can also use a RADIUS sequence to first look at AD, then the internal ACS group too.

Thanks,

Scott Fella


Hi Guys,

Thank you for the reply. Ya, my WLC is 7.2.

Hi

Scott Fella, did you test this? Did it work?

BR

Jana

I did not test this out yet. I might be able to today.


Hi Scott Fella,

OK great, please let me know your outcome.

BR

Jana.
