We currently have a Wired 802.1x network using Cisco 3500 and 2900 series switches.
We are adding a wireless network using LWAPP and a 2106 WLC. The issue I have is that I cannot restrict users logging into different SSIDs.
So on the Wired network User A logs on and is placed on VLAN A and User B goes on VLAN B. On the Wireless side I assign each SSID to a certain VLAN, but I am finding that the WLC2106 is not reading the VLAN info (it makes sense seeing as it does not use VTP Trunks). So I configured a NonIP NAR on the ACS server, but I found that if I apply this to VLAN A, only User A is allowed to access SSID A, but it breaks the Wired 802.1X (wired does not send the DNIS attribute, or if it does I do not know what it is). If I add a second condition with all * and then allow if either condition is met, I again open up WLAN A to all users authenticating.
Right now the only way I can see this working is if I have two separate RADIUS servers (one for Wireless and one for Wired) or if Cisco makes a Controller that allows trunking and is smart enough to read the VLAN settings on the Wired side.
Does anyone have any suggestions?
Is this what you need?
Not sure what you're trying to do, other than needing VLAN-Assignment on your 2106, which should be supported.
Hope this helps,