WLC Web-Auth, ACS & VLAN Assignment

Unanswered Question
Apr 14th, 2008

I have a Cisco LWAPP setup with a WLC and an ACS server. In the ACS I have two user groups provisioned. At the WLC, I have 1 SSID each for these two groups.

The target is to get each user in the specified group, e.g. group 1, into VLAN 1. The same goes for group 2 and VLAN 2.

Right now, everyone can log on to any SSID using a username from any group. We are using the web-auth method.

Any idea on how to restrict the users in a specific group to a specific VLAN?

bbxie Mon, 04/14/2008 - 21:26

Although Cisco's Identity Network can allocate a different VLAN according to username, it doesn't support web-auth; it only supports MAC filtering, 802.1X, and WPA at this moment. So if you have to use web-auth, the answer is no. If you can change it to another method such as 802.1X, you can do it by configuring the following tunnel attributes in ACS:

• Tunnel-Type=VLAN (13)

• Tunnel-Medium-Type=802

• Tunnel-Private-Group-ID=VLANID
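
How the three attributes listed above are carried in a RADIUS Access-Accept, as an added example that is not part of the original thread: a Python encoder and checker using the attribute numbers from RFC 2868 and the VLAN values from RFC 3580 (Tunnel-Medium-Type 802 is value 6). The function names and the sample VLAN ID 20 are assumptions made for illustration.

```python
import struct

# Attribute type codes (RFC 2868) and the values used for VLAN assignment (RFC 3580)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_id, tag=0):
    """Build the three attribute TLVs that assign a session to vlan_id."""
    def tlv(attr_type, value):
        return struct.pack("!BB", attr_type, len(value) + 2) + value
    # Tunnel-Type and Tunnel-Medium-Type: 1 tag byte + 3-byte big-endian value
    ttype = bytes([tag]) + VLAN.to_bytes(3, "big")
    tmedium = bytes([tag]) + IEEE_802.to_bytes(3, "big")
    # Tunnel-Private-Group-ID: tag byte only when non-zero, then the VLAN as ASCII
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return (tlv(TUNNEL_TYPE, ttype) + tlv(TUNNEL_MEDIUM_TYPE, tmedium)
            + tlv(TUNNEL_PRIVATE_GROUP_ID, group))

def parse_attrs(data):
    """Walk the TLVs and return {type: value}; raise ValueError if malformed."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def assigned_vlan(data):
    """Return the VLAN ID string only if all three attributes are consistent."""
    attrs = parse_attrs(data)
    ttype = attrs.get(TUNNEL_TYPE, b"")
    tmedium = attrs.get(TUNNEL_MEDIUM_TYPE, b"")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if len(ttype) != 4 or len(tmedium) != 4 or not group:
        return None
    if int.from_bytes(ttype[1:], "big") != VLAN:
        return None
    if int.from_bytes(tmedium[1:], "big") != IEEE_802:
        return None
    if 0x01 <= group[0] <= 0x1F:      # leading byte in this range is a tag
        group = group[1:]
    return group.decode("ascii") or None

if __name__ == "__main__":
    sample = encode_vlan_attrs(20)    # constructed sample, VLAN 20
    print(sample.hex(" "), "->", assigned_vlan(sample))
```

Comparing the attribute bytes of an Access-Accept in a packet capture against this layout shows whether the RADIUS server returned all three attributes for the user's group.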

aizudin_aliyeon Mon, 04/14/2008 - 23:45

Yes, right.

I did that, but it doesn't seem to work when authenticating using web-auth. Changing to another security method is not an option right now, as web-auth is more presentable to end users and less hassle to connect to the network itself.

