01-22-2023 10:27 AM
Hey guys,
We bought 30 AP Catalyst C9115AXI-E, and this model has the possibility of one of the APs serving as a virtual controller, that is, Embedded Wireless Controller.
The intended scenario is to create an SSID (tono) where the vlan is assigned by RADIUS with WPA2 enterprise. The SVIs of these vlans are on a firewall. The DNS/DHCP are behind this firewall, in another vlan, not any wireless vlan.
Could someone provide an example of how to create the SSID in the EWC, where the 30 APs are registered in the EWC and the network in which each device gets connectivity is a different network (vlan 50, vlan 65 or vlan 650), through assignment/classification by RADIUS?
Model: cisco C9115AXI-E (VXE) processor (revision VXE) with 324133K bytes of memory.
IOS XE: Version 17.06.04
Thanks in advance
António
01-22-2023 10:44 AM - edited 01-22-2023 10:44 AM
Check this deployment guide, step by step:
3 VLANs mean you are looking for 3 SSIDs/WLANs for different services? As long as the VLAN and WLAN are bound, the rest of the config is the same for 1 SSID or more SSIDs; it is only different if you have Guest Access and Web Auth.
You can make the necessary FW rules regarding which VLAN/WLAN is required and which resources are accessed/denied.
If you are looking at a deployment with more APs, I suggest having 2 EWCs (HA); in case one fails, the other one becomes active.
There is a good presentation I would suggest reading to understand the flows:
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKEWN-2016.pdf
EDIT:
I suggest having another good blog for reference, apart from the Cisco document I have suggested.
01-22-2023 11:04 AM
Hi balaji.bandi,
Thank you for your answer. The first link you sent, I already read it, but it does not help with what we need.
What we need is one SSID, for example tono, for 3 different VLANs/SVIs that are assigned by RADIUS. Is it possible to do it on EWC on C9115AXI?
Thanks
01-22-2023 11:12 AM
One SSID, so based on the user authentication you would like a Change of Authorisation to that VLAN; sure, the example guide provides the steps.
"Is it possible to do it on EWC on C9115AXI?" - Check the Cisco document and compatibility matrix.
01-22-2023 11:29 AM
I cannot find the right answer, whether it is or isn't supported with this model (C9115AX). So, I put my doubts in this discussion room.
Thank you
01-22-2023 01:00 PM
Are you not able to view the image I posted, and that EWC supports that model?
01-22-2023 01:01 PM
Yes.
Thanks.
01-23-2023 05:46 AM
Hi,
I can see, but the main question is the VLAN assigned by RADIUS.
On the Policy Profile, section Access Policies, if I specify the VLAN, the laptop gets an IP and has connectivity (nice!). But if I do not specify the VLAN, the laptop stays connected to the Wi-Fi but has no connectivity, because it didn't receive the VLAN assigned by the RADIUS.
What do I need to configure in order to receive the VLAN assigned by RADIUS?
Thanks,
António
PS: the configuration is attached.
01-23-2023 06:13 AM
Your config misses two eventual parts:
01-23-2023 06:29 AM
Hi Karsten Iwen,
Can you provide an example for both missing configs?
Thanks
01-23-2023 06:41 AM
This is my flex profile and policy profile:
wireless profile flex default-flex-profile
 description "default flex profile"
 native-vlan-id 1076
 vlan-name IoT
  vlan-id 1162
 vlan-name USER
  vlan-id 1032
 vlan-name GUEST
  vlan-id 1161
wireless profile policy whichever-policy-you-want-to-change
 aaa-override
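Added example, not part of the original post or of any Cisco tooling: a small Python check that reads a config like the one above and reports why a RADIUS-returned VLAN would not be usable. It assumes the RADIUS server returns the RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) and that the returned VLAN must be listed in the flex profile, as the answer's config implies; the function names and the sample Access-Accept values are hypothetical.

```python
import re

# Constructed sample: the flex and policy profile from the answer above.
SAMPLE_CONFIG = """\
wireless profile flex default-flex-profile
 description "default flex profile"
 native-vlan-id 1076
 vlan-name IoT
  vlan-id 1162
 vlan-name USER
  vlan-id 1032
 vlan-name GUEST
  vlan-id 1161
wireless profile policy whichever-policy-you-want-to-change
 aaa-override
"""

def parse_profiles(config):
    """Return ({vlan_name: vlan_id} from flex profiles, {policy_name: has_aaa_override})."""
    flex_vlans, policies = {}, {}
    section = name = vlan_name = None
    for raw in config.splitlines():
        line = raw.strip()  # indentation is ignored, so a flattened paste also parses
        if m := re.match(r"wireless profile (flex|policy) (\S+)", line):
            section, name, vlan_name = m.group(1), m.group(2), None
            if section == "policy":
                policies[name] = False
        elif section == "flex" and line.startswith("vlan-name "):
            vlan_name = line.split(None, 1)[1]
        elif section == "flex" and line.startswith("vlan-id ") and vlan_name:
            flex_vlans[vlan_name] = int(line.split()[1])
        elif section == "policy" and line == "aaa-override":
            policies[name] = True
    return flex_vlans, policies

def check_vlan_assignment(config, policy, accept_attrs):
    """List reasons the RADIUS-assigned VLAN would not apply; an empty list means OK."""
    flex_vlans, policies = parse_profiles(config)
    problems = []
    if not policies.get(policy):
        problems.append(f"policy profile {policy!r} lacks aaa-override")
    if str(accept_attrs.get("Tunnel-Type")) not in ("13", "VLAN"):
        problems.append("Tunnel-Type is not VLAN (13)")
    if str(accept_attrs.get("Tunnel-Medium-Type")) not in ("6", "IEEE-802"):
        problems.append("Tunnel-Medium-Type is not IEEE-802 (6)")
    group = str(accept_attrs.get("Tunnel-Private-Group-ID", ""))
    if group not in flex_vlans and group not in map(str, flex_vlans.values()):
        problems.append(f"VLAN {group!r} is not defined in the flex profile")
    return problems
```

Run against this sample, a Tunnel-Private-Group-ID of 50, 65 or 650 (the VLANs from the original question) is reported as missing from the flex profile, which is the mismatch to look for when a client associates but gets no connectivity.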
01-23-2023 06:47 AM
Thank you Karsten Iwen.