cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1418
Views
0
Helpful
1
Replies

Dynamic Interfaces to a WLAN in an AP Group?

raun.williams
Level 3
Level 3

Running 7.2.110.0 code.

Question:

I had been working with an EAP WLAN testing for awhile in preperation for a project and had it work well with a single SSID and upon login and authentication, an attribute was passed by ACS to the WLC to point the client o a certain interface configured on the controller... pretty simple setup and seemed to work well.

I stepped away from that project for a bit as it was in a holding pattern and moved onto my wireless upgrades, replacing AP's and surveying and installing new controllers.  Upon installing new controllers I decided that I would start using AP Groups more often as to keep things clean and created one with the basic required SSIDs, including the new EAP SSID (call it WLANEAP) and I moved most of my AP's to this AP group so that I didn't see all the other ones I was creating and using for other things currently under the default group provided by the wlc.  Again, no issues, until today.

I was trying to get my WLANEAP network running again as I decided to use it for another implementation and I knew I had it handy and running, however.. not so much.  I've tried and tried but can not get the laptop to get an ip out from the interface provided by ACS.  I did a client debug, and saw:

Applying site-specific Local Bridging override for station 08:11:96:5a:9b:0c - vapId 7, site 'BasicInstall-RW', interface 'vlan20'

So, in seeing this I realized that in my AP Group I had to map it to an interface, vlan20 in this case which has no routing on it so no dhcp or anything.

Does this mean, when utilizing an 802.1x WLAN in an AP Group, you can not dynamically assign an interface via radius because itw ill be ignored due to the AP Group settings?  If so, that seems short sited to me?

1 Reply 1

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

Does this mean, when utilizing an 802.1x WLAN in an AP Group, you can  not dynamically assign an interface via radius because itw ill be  ignored due to the AP Group settings?  If so, that seems short sited to  me?

AAA override get priority when AAA override and AP group is used. the debug client output should show site specific over-ride for AP group initially and once it goes into .1x auth it will return the overrided vlan.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: