
WLC 5520 Flexconnect AP with EoGRE

brian.holmes
Level 1

On a 5520 WLC v8.10.183

We have been able to get a Flexconnect AP to build an EoGRE tunnel and put clients on it.
We have also been able to get a Flexconnect AP to drop clients onto a Local VLAN as well.

We would like to configure one WLAN on the Flexconnect AP and place the client on the EoGRE tunnel or Local VLAN dynamically based on the return values from AAA/ISE.

When we set the WLAN Profile > Tunnel Profile to our EoGRE profile, all clients are placed on the EoGRE tunnel even though we return just the VLAN from the AAA server.

When we set the WLAN Profile > Tunnel Profile to none, all clients are placed on the local AP VLAN even though we send these Cisco AV-Pairs from AAA/ISE:

gw-domain-name=abc123
mn-service=ipv4
cisco-mpc-protocol-interface=eogre
Primary-Tgw-IP=1.1.1.1
Secondary-Tgw-IP=2.2.2.2

In the EoGRE tunneling guide under Flexconnect it states the following:

  • 802.1x authenticated “simple” and “tunneled” EoGRE clients are supported on the same WLAN.

  • Based on authentication, clients are separated into local or tunneled mode.

Is what I am trying to deploy possible? Is there any guide to what AV-Pairs should be returned from ISE to make it happen?

 

Brian Holmes
Verizon

Rich R
VIP

Never tried to do this myself so don't know the answer but from trying to find the right AV-pairs for other previous issues I can confirm the documentation is poor to non-existent. Unless you have a known working setup you can do a packet capture on, it's just trial and error!
TAC usually have no idea (unless you get very lucky and get an engineer who has personal experience with this). We've had trouble even getting 1st line TAC to understand the question (took weeks and numerous emails), never mind know the answer (don't know)!

I'd say your best bet is to contact your account team SE (or whatever they call them these days) and they may be able to find somebody in wireless BU who could answer your question.
