
Dynamic VLAN/SSID assignment using 4402/MS IAS

j-shearer

Greetings,

In short we have a WLC4402 (50 AP license) and approx 30 1252s LAPs in place. Right now we have three VLANs/SSIDs in place - one for admin, one for teachers and one for students. The WLC uses a MS Windows 2003 server running IAS for PEAP authentication. The clients are Windows XP, the SSID is entered manually based on "pre-designation" of the laptop's "type" (either admin, teacher or student).

This is working fine. However, more and more frequently our users have been "sharing" laptops, so a student may need to use a teacher's laptop and vice-versa. In short, we would like to use dynamic VLAN/SSID assignment so that if a student does have a teacher's laptop, the "student" VLAN/SSID would be assigned to them when they log in (and the proper ACLs, QoS policies, etc. would be applied).

We have found documentation on how to perform this with an ACS, but is there anything available for this configuration with an MS IAS server?

Any input/information would be greatly appreciated.

Joe


Shaun,

My LAG - etherchannel interface

    interface Port-channel8
     description WLC-portchannel
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,3,24-26
     switchport mode trunk
    end

---------------

My 2 WLC Fiber ports:

    Current configuration : 382 bytes
    !
    interface GigabitEthernet7/47
     description CiscoWLC-LAG-Ports
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,3,24-26
     switchport mode trunk
     service-policy output autoqos-voip-policy
     qos trust cos
     auto qos voip trust
     tx-queue 3
       bandwidth percent 33
       priority high
       shape percent 33
     spanning-tree bpdufilter enable
     channel-group 8 mode on
    end

    2200-3A#sh run int g7/48
    Building configuration...

    Current configuration : 382 bytes
    !
    interface GigabitEthernet7/48
     description CiscoWLC-LAG-Ports
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,3,24-26
     switchport mode trunk
     service-policy output autoqos-voip-policy
     qos trust cos
     auto qos voip trust
     tx-queue 3
       bandwidth percent 33
       priority high
       shape percent 33
     spanning-tree bpdufilter enable
     channel-group 8 mode on
    end

----------------------------------

I use vl1 for ap mgmt, vl3 for hotspot, and vl24-26 for WPA2 clients and wireless voip devices.

------------------

One of my AP switchports on the same switch. I let the trunk port to the AP carry a range of VLANs, and then I manage the VLANs assigned to clients with IAS and the WLC.

--------------------------------

    !
    interface FastEthernet4/48
     description AP-PoE
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1-1004
     switchport mode trunk
     service-policy output autoqos-voip-policy
     qos trust cos
     auto qos voip trust
     tx-queue 3
       bandwidth percent 33
       priority high
       shape percent 33
    end

Jim

Added - screenshot of IAS policies.

Jim
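Added example, not part of the thread or of anyone's posted configuration: a small audit that decodes the VLAN a RADIUS policy returns and checks it against the WLC trunk's allowed list (`1,3,24-26` in the config above). It assumes the IAS policies return the standard RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID); the policy names and the role-to-VLAN mapping are constructed for illustration.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6  # values defined in RFC 2868 / RFC 3580

def parse_allowed_vlans(spec):
    """Expand an IOS 'switchport trunk allowed vlan' list such as '1,3,24-26'."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def encode_vlan_attrs(vlan_id, tag=0):
    """Build the three Access-Accept attributes that assign vlan_id."""
    def tagged_int(attr, value):  # 1 tag byte + 3-byte integer
        return bytes([attr, 6, tag]) + value.to_bytes(3, "big")
    gid = str(vlan_id).encode()
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(gid)]) + gid)

def decode_vlan(attrs):
    """Return the assigned VLAN ID, or None if the attribute triple is incomplete."""
    found, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 3 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    ttype, medium = found.get(TUNNEL_TYPE), found.get(TUNNEL_MEDIUM_TYPE)
    gid = found.get(TUNNEL_PRIVATE_GROUP_ID)
    if not (ttype and medium and gid):
        return None
    if (int.from_bytes(ttype[1:], "big") != TYPE_VLAN
            or int.from_bytes(medium[1:], "big") != MEDIUM_IEEE_802):
        return None
    if gid[0] <= 0x1F:  # optional leading tag byte
        gid = gid[1:]
    return int(gid) if gid.isdigit() else None

def audit(policies, wlc_trunk):
    """Map policy name -> True when its VLAN is carried on the WLC trunk."""
    allowed = parse_allowed_vlans(wlc_trunk)
    return {name: decode_vlan(raw) in allowed for name, raw in policies.items()}

# Constructed sample: policy names and the role-to-VLAN mapping are assumptions.
POLICIES = {"admin": encode_vlan_attrs(24), "teacher": encode_vlan_attrs(25),
            "student": encode_vlan_attrs(26), "guest-typo": encode_vlan_attrs(30)}
if __name__ == "__main__":
    print(audit(POLICIES, "1,3,24-26"))
```

A policy flagged `False` returns a VLAN that the `Port-channel8` trunk does not carry, even though the AP-facing port (`1-1004`) would allow it.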

Hi Jim,

I have switched back to software version 4.2.176.0 on the WLC. Still the same issues, would it be possible to see a switch config for the APs and WLC?

Thanks

Shaun

Jim - thanks for posting the config, I missed your previous post and didn't see it.

-Shaun

Shaun,

I don't know if you have resolved your issue, or if this response is even specific to your configuration, but it should be noted that you can use dynamic VLAN assignment for 802.1x authentication, but not for web authentication as the IP address has already been assigned prior to authentication.

-Brian

Could someone please post a link to the ACS article?

Thanks.
