I'm implementing a NAC solution in my company, but I have come to dead end.
My setup: Cisco WLC + MS based Radius server integrated with AD. The idea is to have 4 VLANs. Everything works as it should with the wired network but not using the Cisco WLC.
The plan is to have one SSID with dynamic VLAN assignment based on Radius network access policies. Everything is configured, authentication works, but the dynamic VLANs are not being assigned. I see, in the Radius log, that authentication is successful, and VLAN attributes are being sent, but the client is still getting the default VLAN.
I went through hundreds of guides, and each one is different.
My hunch is that there is something wrong with the
intrface_group/flexconnect_group configuration, but I can't figure out what it is because Cisco's WLC GUI configuration is such a mess with all those checkboxes, which when enabled, disables something else...
The WLC model is AIR-CTVM-K9, SW ver. 22.214.171.124
Edit: How should configuration look like in WLC>wireless>FlexConnectGroups under a specific group and Wlan Vlan mapping in My case, when I use one SSID(wlan) and multiple Vlans?