
WLC 802.1x Dynamic vlan assign

zl
Level 1

Hi guys

I found 2 related docs about wireless VLAN assignment with a single SSID, but my question is what happens if the ACS/RADIUS server is down or authentication fails. In a wired 802.1x situation we could define a failure VLAN and a guest VLAN, but I didn't find any doc that shows the WLC supports this feature except the 5700 series. Any idea?

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/71683-dynamicvlan-config.html

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99121-vlan-acs-ad-config.html

3 Replies

Freerk Terpstra
Level 7

What you can do is create a "dummy" interface on the AirOS-based controller and assign that interface to the WLAN. Configure this interface just as a normal one, except for the fact that the VLAN ID is not in use on the switching side. If there is no VLAN information provided from the RADIUS server when the client is being authenticated, the client will be stuck in that non-existing network.

Please rate useful posts... :-)
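The "VLAN information provided from the RADIUS server" in the reply above is normally the three tunnel attributes of RFC 2868/RFC 3580. The following is an added example, not part of the thread and not controller code: it parses a RADIUS attribute list and falls back to the WLAN's own interface VLAN when those attributes are missing or malformed. The function names, the dummy VLAN 999 and the sample payloads are constructed, and a numeric VLAN ID in Tunnel-Private-Group-ID is assumed.

```python
# RADIUS attribute types (RFC 2868) used for VLAN assignment (RFC 3580)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6

def parse_attributes(payload: bytes) -> dict:
    """Walk the type-length-value attribute list of a RADIUS packet body."""
    attrs, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated attribute header")
        a_type, a_len = payload[i], payload[i + 1]
        if a_len < 2 or i + a_len > len(payload):
            raise ValueError("bad attribute length")
        attrs[a_type] = payload[i + 2:i + a_len]
        i += a_len
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type / Tunnel-Medium-Type: 1 tag octet + 3-octet integer."""
    if len(value) != 4:
        raise ValueError("expected 4-octet tagged integer")
    return int.from_bytes(value[1:], "big")

def effective_vlan(payload: bytes, wlan_interface_vlan: int) -> int:
    """VLAN from the Access-Accept, else the VLAN of the WLAN's interface."""
    attrs = parse_attributes(payload)
    try:
        if (tagged_int(attrs[TUNNEL_TYPE]) == TYPE_VLAN
                and tagged_int(attrs[TUNNEL_MEDIUM_TYPE]) == MEDIUM_802):
            group = attrs[TUNNEL_PRIVATE_GROUP_ID]
            if group and group[0] <= 0x1F:  # optional tag octet
                group = group[1:]
            vlan = int(group.decode("ascii"))
            if 1 <= vlan <= 4094:
                return vlan
    except (KeyError, ValueError):
        pass  # missing or malformed override: keep the WLAN default
    return wlan_interface_vlan

def attr(a_type: int, value: bytes) -> bytes:
    """Build one attribute (helper for the constructed samples below)."""
    return bytes([a_type, len(value) + 2]) + value

DUMMY_VLAN = 999  # constructed: VLAN ID not in use on the switching side
WITH_VLAN = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
             + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
             + attr(TUNNEL_PRIVATE_GROUP_ID, b"20"))
NO_VLAN = attr(18, b"welcome")  # Reply-Message only, no tunnel attributes
```
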

Freerk, I got your point. I'm just supposing: what happens if there is no RADIUS response to my wireless 802.1x client (AAA server down)? Does it associate to the SSID with 802.1x if authentication does not pass?

If you don't configure any fallback methods (local authentication on the controller, for example), the client can still associate but will never make it through the authentication phase. Because the controller has no reachable RADIUS server (or the authentication request timed out in the process), the controller will deauthenticate the client.

Please rate useful posts... :-)
