Multiple Vlans specified by ACS using IETF Attributes

sjaworsk · ‎07-19-2005

I have 4 ssids mapped to 4 vlans. SSID Guest mapped to vlan 100, FacStaff to vlan 200, Student to vlan 300 and CompLab to vlan 400 using AP 1200 and AP 1130 version 12.3(4).

I have 2 radius groups Facstaff and Student using ietf radius attributes using ACS SE 3.3.2

[064] Tunnel-Type

[065] Tunnel-Medium-Type

[081] Tunnel-Private-Group-ID

The Facstaff group is setup for vlan 200 and the student group is setup for vlan 300. The radius attributes work as expected. Users in the facstaff group cannot pass traffic in vlan 300 and users in the student group cannot pass traffic in vlan 200.

I need users in facstaff and student groups to be able to pass traffic on vlan 400 which is the CompLab ssid. This is because laptops supplied by IT need to allow both groups to logon.

Can the AP 1200 or 1130 recognize multiple vlans specified by the ACS Server. I have tried setting up multiple tag values. Then use [083] Tunnel-Preference to specify a priority. Does any one have any ideas about approaching this from a different angle or a solution?

beth-martin · ‎07-25-2005

The following documents explains the various attributes that needs to be set,

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo1100/accsspts/i1234ja/i1234sc/s34vlan.htm#wp1038739. Check if you have set all the attributes.

dcavanaugh · ‎08-08-2005

Under INTERFACE CONFIGURATION --> RADIUS(IETF) scroll to the bottom of the page. ADVANCED CONFIGURATION OPTIONS, increase the tags to 2.