Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
944
Views
0
Helpful
4
Replies

WLC Avpair SSID management since 8.3?

Konstantin Kabassanov
Level 1
Level 1

‎04-13-2020 03:24 AM - edited ‎07-05-2021 11:55 AM

Hello,

 

While making some tests on my WISM2 controller, I found that there was some filtering based on the avpair ssid field sent by the radius server. A long time ago, this feature was only available on autonomous access points and was not supported by wireless controllers. The only reference I found about this change is in the configuration guide of 8.3 version while talking about "VAP ID":

"The rejection, based on the response from the AAA server, is because of the SSID Cisco AVPair support".  Do you have any information about this?

 

Thanks.

Labels:
0 Helpful
4 Replies 4

Flavio Miranda
VIP
VIP

‎04-13-2020 10:56 AM

Hi

 Onde WLC side, despite a supported version, usually you need check "AAA Override" on the advanced tab of the requided WLAN. 

Here a reference guide about Vendo Specific Attributes:

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_01010.html 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

Konstantin Kabassanov
Level 1
Level 1
In response to Flavio Miranda

‎04-13-2020 11:19 AM - edited ‎04-13-2020 11:20 AM

Hi Flavio,
Thanks for you reply. I got the same document, but I can't see what packet with "ssid=MYWIRELESS" string value as AV pair matches these examples.

0 Helpful

Flavio Miranda
VIP
VIP
In response to Konstantin Kabassanov

‎04-13-2020 11:52 AM

You are trying to do things with the SSID as attributes, right?  The way i undestand, on the WLC you need to check "AAA override". The policy you need to create on the ISE or any radius you are using. 

 On the radius you can create policy based on the SSID or WLAN ID. 

 

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

Konstantin Kabassanov
Level 1
Level 1
In response to Flavio Miranda

‎04-13-2020 12:19 PM

Flavio,
I have already everything I need in my freeradius configuration. I was just doing some other tests (yes, with AAA overriding) and I had some troubles to connect the wireless client, because in its ethernet records in the radius server, in addition to the 3 fields related to the vlan assignation, I had also an AV pair ssid=WRONG_SSID. So when wlc received the access-accept for the MAC address with these fields, it just stopped processing the reply and started a new request. So I was simply surprised to see that the reason was something that had been missing until then.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card