07-20-2012 02:19 PM - edited 07-03-2021 10:26 PM
Running 7.2.110.0 code.
Question:
I had been working with an EAP WLAN testing for awhile in preperation for a project and had it work well with a single SSID and upon login and authentication, an attribute was passed by ACS to the WLC to point the client o a certain interface configured on the controller... pretty simple setup and seemed to work well.
I stepped away from that project for a bit as it was in a holding pattern and moved onto my wireless upgrades, replacing AP's and surveying and installing new controllers. Upon installing new controllers I decided that I would start using AP Groups more often as to keep things clean and created one with the basic required SSIDs, including the new EAP SSID (call it WLANEAP) and I moved most of my AP's to this AP group so that I didn't see all the other ones I was creating and using for other things currently under the default group provided by the wlc. Again, no issues, until today.
I was trying to get my WLANEAP network running again as I decided to use it for another implementation and I knew I had it handy and running, however.. not so much. I've tried and tried but can not get the laptop to get an ip out from the interface provided by ACS. I did a client debug, and saw:
Applying site-specific Local Bridging override for station 08:11:96:5a:9b:0c - vapId 7, site 'BasicInstall-RW', interface 'vlan20'
So, in seeing this I realized that in my AP Group I had to map it to an interface, vlan20 in this case which has no routing on it so no dhcp or anything.
Does this mean, when utilizing an 802.1x WLAN in an AP Group, you can not dynamically assign an interface via radius because itw ill be ignored due to the AP Group settings? If so, that seems short sited to me?
07-20-2012 04:53 PM
Does this mean, when utilizing an 802.1x WLAN in an AP Group, you can not dynamically assign an interface via radius because itw ill be ignored due to the AP Group settings? If so, that seems short sited to me?
AAA override get priority when AAA override and AP group is used. the debug client output should show site specific over-ride for AP group initially and once it goes into .1x auth it will return the overrided vlan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide