
WLC 5500 802.1x problems

mbrsantos
Level 1

So here is the problem that I have.

I have a WLC 5500 in site A (let's say city A too) with its own set of WLANs (wlan 1, wlan 2 ...) that are used to differentiate different types of users (teachers, students, etc.) using a RADIUS server and an AD for this client and using 802.1x. Everything on site A is working fine.

Now I'm trying to set an access point in site B (in city B) with its own set of WLANs (wlan X, wlan Y ...) that is also used to differentiate clients. Site B has its own DHCP, its own RADIUS and its own AD. I've managed to connect the access point to the WLC and set WLANs for site B. My problem now is that when a user tries to connect to wlan X and he is supposed to be in wlan Y, he is not forwarded to wlan Y and is left in wlan X. I've also configured HREAP.

Does anyone have any idea why the clients aren't being assigned to the correct WLAN?

I've checked in the RADIUS server and it's sending the correct WLAN to the user.

I know that the text is probably a little bit confusing, but I hope that someone can help me.

Thanks in advance.

5 Replies

Salil Prabhu
Cisco Employee

Hi Miguel,

Can you go over this link to restrict SSID per user?

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml

Maybe compare the RADIUS config on each site and see if you missed out something?

Thanks..Salil

Hi there.

First of all, thanks a lot for the reply.

The problem is not restricting users per SSID; that I do with the RADIUS server. The problem is redirecting users to their correct WLAN.

Thanks

Miguel Santos

I think that I saw somewhere that HREAP does not allow dynamic WLAN changes. That's a real pain!!

Does anyone have any idea how to connect two remote sites without HREAP?

Thanks

Miguel Santos

You are right, it is not supported:

Note: If the APs are in H-REAP mode and locally switched at the remote site, the dynamic assignment of users to a specific VLAN based on the RADIUS server configuration is not supported. 

Since you can't do dynamic VLAN, why not have two policies, one for teachers and the other for students? You will need to have them in separate groups in AD also. Then filter on the SSID and the AD group, so if students try to access the teachers' SSID using their credentials, they get rejected and vice versa.

I don't know what you mean by connecting two sites without H-REAP. The only other way is switching the AP to local mode, for which you better have some good bandwidth.

Scott


Hi there.

Thanks a lot for replying.

I don't think that I have enough bandwidth for this to work without H-REAP. I'll just have to figure out another way for this to work.

Thanks again.

Miguel Santos
