Home > cisco > Radius NAC with 802.1x on Cisco WLC doesn't assign correct dynamic VLAN ID

Radius NAC with 802.1x on Cisco WLC doesn't assign correct dynamic VLAN ID

October 30Hits:22
Advertisement

I'm implementing a NAC solution in my company, but I have come to dead end.

My setup: Cisco WLC + MS based Radius server integrated with AD. The idea is to have 4 VLANs. Everything works as it should with the wired network but not using the Cisco WLC.

The plan is to have one SSID with dynamic VLAN assignment based on Radius network access policies. Everything is configured, authentication works, but the dynamic VLANs are not being assigned. I see, in the Radius log, that authentication is successful, and VLAN attributes are being sent, but the client is still getting the default VLAN.

I went through hundreds of guides, and each one is different.

My hunch is that there is something wrong with the intrface_group/flexconnect_group configuration, but I can't figure out what it is because Cisco's WLC GUI configuration is such a mess with all those checkboxes, which when enabled, disables something else...

The WLC model is AIR-CTVM-K9, SW ver. 7.6.130.0

Edit: How should configuration look like in WLC>wireless>FlexConnectGroups under a specific group and Wlan Vlan mapping in My case, when I use one SSID(wlan) and multiple Vlans?

Related Articles

  • Radius NAC with 802.1x on Cisco WLC doesn't assign correct dynamic VLAN ID October 30

    I'm implementing a NAC solution in my company, but I have come to dead end. My setup: Cisco WLC + MS based Radius server integrated with AD. The idea is to have 4 VLANs. Everything works as it should with the wired network but not using the Cisco WLC

  • Dynamic VLANs with FreeRadius, OpenLDAP & Cisco WLCAugust 13

    Currently have a FreeRADIUS 1.1.6 server authenticating users from OpenLDAP which are stored in the posixAccount account schema. We've now installed a Cisco WLC, and want to authenticate those users over 802.1X (which is successfully working), but al

  • Cisco WLC - SSID configuration not written to APsMarch 19

    I am trying to solve a problem with a Cisco WLC (virtual) running 7.4. This has a single AP joined, a 1602E, running the 7.4 LWAPP image. There is an AP group configured, which this AP is a member of, and there is a basic WPA2-PSK WLAN defined, broad

  • Can FlexConnect ACLs be combined with Local mode ACLs on the same Cisco WLC WLAN?May 26

    There's a limitation (stated below in Cisco's documentation) that FlexConnect ACLs in Cisco WLC cannot be combined in the same WLAN with local mode ACLs. The GUI allows the entry of a local mode ACL in the Interface tied to the WLAN and also a separa

  • Real time Rssi from Clients from a Cisco WLCNovember 25

    I have a Cisco WLC and different LWAPPs. What I am looking for is a way to be able to get in the WLC the rssi of all connected clients. For the moment I am able to access through SNMP to the AIRESPACE-WIRELESS-MIB on the WLC. There I can access the b

  • How do I setup dynamic VLAN assignment on an autonomous Cisco 1142n?September 26

    I've gotten my Cisco 1142n autonomous AP configured with every option under the sun, but I still can't get dynamic VLAN assignment working! I verified the following: I give priority to VLAN assignment via RADIUS with aaa authorization network default

  • 802.1x dynamic vlan assignment not assigning VLANMay 12

    I recently dived into 802.1x authentication with dynamic vlan assigment. My current set up contains of: - A client - A SG220 cisco switch (the supplicant) - A freeradius (authenticator) based on an LDAP AD - A fortigate for firewall purposes and acti

  • Need help getting Dynamic VLAN Assignment working with RADIUS and Dell PowerConnect 3524September 5

    I'm attempting to get Dynamic VLAN Assignment working on a number of Dell PowerConnect 3524 switches. I've got a two RADIUS servers, both of which I've proved to be working using radtest on Linux. One of the servers (Priority 0) is hosted on the netw

  • Configure radius server via GUI in Cisco WLC

    Configure radius server via GUI in Cisco WLCApril 23

    My boss asked me to create a lobby administration for user authentication in a certain Virtual LAN. So I googled for it, and I found out that RADIUS server will work for this. And I've reached this step of configuring the RADIUS Authentication, and I

  • Configuring a RADIUS server for 802.1x over a Cisco SwitchJune 17

    I am trying to set up RADIUS authentication over a Cisco switch and I have gone through every tutorial they have. I am able to get the RADIUS server to authenticate when I access the CLI of the Cisco switch, but I am not sure which setting to change

  • Cisco WLC: Per user authentication, many Vlans, few SSIDsSeptember 12

    We have a simple problem. We want to restrict our wireless users to certain business websites based on their username when they login. We have many kinds of wireless devices: voip phones, cell phone, laptops, barcode scanners, and tablets. Suppose th

  • RADIUS authentication on Cisco switches: how to assign privilege levels?March 24

    I need to configure some Cisco switches (IOS 12.x) to authenticate against a RADIUS server; the server is Windows Server 2003's IAS, and it validates users against his Active Directory domain. I know how to configure the switches to validate username

  • Issues getting a Cisco WLC 5508 to find AIR-LAP1142NSeptember 26

    hoping someone can help me with a problem here. I'm attempting to setup a test (loan from Cisco) wireless network. Here's what i've got/done: 5508 Controller - Service Port IP set to 10.74.5.2 /24. Management IP set to 10.74.6.2 /24 with a default ga

  • CISCO WLC: use LAG or not?July 22

    Could you advise from your own experience is it good practise to use LAG (Link Aggregation) on CISCO wireless lan controllers on not? Benefits (as for me): redundancy and a little bit simplification (less interfaces). Drawbacks: LAG doesn't support a

  • Configuring Cisco ASA 5510 to assign static IP address based on MAC addressFebruary 23

    We have a CISCO ASA 5510 at work. We want to configure the same such that it can serve specific IP addresses based on the MAC address of the clients. Any help would be greatly appreciated. Thanks in advance -knd --------------Solutions------------- Y

  • Cisco Phone (7961) won't find voice vlanJanuary 16

    We have a cisco phone system setup successfully. I am setting up a bunch of phones, of which, one keeps getting an data vlan ip address from the DHCP server. Any suggestions? I have factory reset the phone a number of times. --------------Solutions--

  • What is "Cisco STG" and why would it dynamically replace a wildcard certificate on port 5061?

    What is "Cisco STG" and why would it dynamically replace a wildcard certificate on port 5061?February 11

    I have a lync client that is connecting to a Lync Edge server on port 5061. I get an invalid certificate error when connecting. When I run wireshark, during the TLS setup, and inside the certificate I see an unexpected issuer with an RDN sequence of

  • Cisco switch:change mac type from dynamic to static in consoleDecember 20

    How to change mac from static to dynamic in mac-address-table (switch)?I find this official source but still not understand what options I must choose. Something like this: switch(config)# mac-address-table static 12ab.47dd.ff89 vlan 3 interface fast

  • Cisco SG200-26 - Can't change management VLAN

    Cisco SG200-26 - Can't change management VLANDecember 6

    I've purchased a new SG200-26 switch and upgraded it to the newest possible version: I configured multiple VLANs - nothing special - however if I try now to change the management VLAN (as I did multiple times for my SG200-8 switches) I simply can't:

  • MAB and 802.1x Issue - MAB-authenticated device gets droppedApril 11

    I'm trying to use 802.1x to authenticate clients on my network with dynamic VLAN assignment from RADIUS. We have IP-Phones(powered by PoE) that only supports EAP-MD5, and we would rather use MAB(it also uses LLDP-MED for some settings) to authenticat

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.647 s.