Dear Community,
I have the following Wi-Fi network:
- Cisco Mobility Express 8.10.151
- 4 x AIR-AP2802I-E-K9
-17 x AIR-CAP1702I-E-K9
- 4 x SSID (2 x WPA2-PSK & 2 x WPA2-Enterprise)
- 2 x AP-group (SiteA (default-group) and SiteB (SiteB-group))
Problem description:
- On SiteB only 2 of the 4 SSID-s are needed, therefore I have configured a "SiteB " group for the AP-s with SSID3 and SSID4.
SSID4 network uses WPA2-Enterprise and users are authenticated by a freeradius server. Based on username, users had to be assigned to VLAN40 or VLAN50.
- On SiteA (where AP-s are in the „default-group”) everything works fine, users are assigned to the corresponding VLANs based on their username.
- On SiteB (where AP-s are in the „SiteB-group”) every user is assigned to the SSID’s default VLAN (VLAN40), username based VLAN assignment does not work.
I’ve checked, that:
- AP-s on SiteB have access to all the above mentioned VLANs
- On SiteB every authenticated user is assigned to VLAN40, as seen in the mac-address-table of the switch.
- The freeradius server tells the Controller the correct VLAN ID, the controller GUI shows the correct VLAN ID, but at the same time, the mac-address-table of the switch shows that users who should be in VLAN50 are in VLAN40.
- If I configure a new AP group on SiteA, the same issue exists.
I suspect that this is a bug or did I overlook something?
Any help is appriciated, thank you!
Kalman
Hi
" On SiteB (where AP-s are in the „SiteB-group”) every user is assigned to the SSID’s default VLAN (VLAN40), username based VLAN assignment does not work."
When you created the "SiteB-group", did you add the SSID and associated to its correct vlan inside the group?
As you can see on this group example, the SSID must be associate with the proper Interface or interface group.
