aaa override on a 4402

Apr 8th, 2008

4402 controller with 4.0.602 code, MS XP Client, 802.1x authentication, device and user authentication:


The controller is configured with (2) SSIDs: Secure, Public.

There are (3) VLANs I want to place the devices in after user authentication (obviously machine authentication occurs prior to this). The (3) VLANs are Staff, Student and Faculty; numbered 10, 20 and 30.


Here is what happens.

The machine associates with the Secure SSID, authenticates and is placed in the student VLAN (20) - this is the VLAN I have assigned to the SSID by default.


I have aaa-override enabled.


A staff or faculty member logs on and is authenticated. The controller receives the new VLAN assignment from the RADIUS server. I can see this if I go to client details and it shows the IP address and VLAN assignment.


Here is the kicker - the IP address is still the original IP address it was assigned from the original machine authentication when it was placed in the student VLAN, not what it should be in the staff or faculty VLAN.


So I do an ipconfig /release and /renew at the client and I still get the same IP address, not one from the staff or faculty VLAN.


It appears as if the VLAN was sent to the controller but never really applied.


I am using the DHCP Server within the 4402 controller.


Any thoughts or leads would be helpful.


Thanks



If you are centrally switching (AP not in HREAP), when the client connects for the first time, they will get an IP from the DHCP in the assigned SSID. When you send the VLAN tag from the RADIUS/ACS server, then the AP will tag the client traffic with the particular 802 tag. The controller will "proxy" the traffic into the VLAN you have sent; this is transparent to the client, the controller takes care of everything. - in theory, only seen this on a course... never been able to test!


HTH

fcollett Fri, 04/11/2008 - 09:21

I will do further testing next week and get back to you.


Thanks

k.abillama Fri, 12/12/2008 - 23:57

Hi guys, I have the same problem, has this been resolved?
