Hello,
I have been trying to configure dynamic vlan assignment for the employee wlan. Trying to put the employee on vlan 20
Here are the components used
WLC: 2100 Software version: 7.0.240.0
AP: 3502I IOS version: 12.4 Mini IOS version: 7.0
Radius server: tried mutiple radius servers (rsa radius , free radius)
On the WLC:
-----------------
1. Created a AAA server.
2. Along with management interface(vlan 10), configured dynamic interfaces (vlan 20, vlan 30)
3. AP manager interface is on vlan 40
4. Created WLAN assigned to management interface-- WPA2 (AES) , 802.1x
5. on AAA servers tab - checked authentication servers and assigned the AAA server. authentication priority order is set to only radius
Here, I have 2 options for radius overwrite.
one on the AAA servers tab
second on the Advanced tab
I have selected both. or one at a time
Ports between WLC and switch is a trunk
On the AP:
--------------
1. Local mode
2. Port between AP and switch switchport access - vlan 40
On radius server:
----------------------
configured WLC's management interface as client
and assigned the following attributes
tunnel-type := vlan
tunnel-medium-type = ieee-802
tunnel-private-group-id = 20
When i try to authenticate with an iphone it is successful. But it puts me on the same interface as management interface (vlan10). When i do the packet capture i do see the access-accept but i dont see the attributes.
when i use a radius test utility against the radius server I do receive all the attributes.
Im a newbie on this. Iam i missing something here? any help will be much appreciated.
