VLAN assignment from ACS not applied

Unanswered Question
Feb 4th, 2009

WLC 4402 5.2.157.0

ACS Express 5.0.0.18

We have an issue where the VLAN assigned on the ACS isn't applied on the 4402 WLC.

We have 'Allow AAA Override' checked on the WLAN, the QoS is overridden to bronze properly, but the VLAN stays at 0 and the interface at management. The VLAN interface is configured on the WLC.

On the ACS the following are configured for the RADIUS response:

Radius-IETF Tunnel-Medium-Type 802
Radius-IETF Tunnel-Type VLAN
Radius-IETF Tunnel-Private-Group-ID 44
Cisco Airespace Airespace-QoS-Level Bronze

The accounting log shows:

Wed, 04 Feb 2009 09:50:02
User-Name = guest
NAS-IP-Address = 10.30.1.2
NAS-Port = 1
Framed-IP-Address = 10.30.1.12
Called-Station-Id = 10.30.1.2
Calling-Station-Id = 10.30.1.12
NAS-Identifier = Cisco4402WLC
Acct-Status-Type = Start
Acct-Session-Id = 4989b927/00:1a:73:ed:bf:ca/2
Acct-Authentic = RADIUS
Airespace-WLAN-Id = 2

Thanks for any help or advice you can provide to troubleshoot this issue.

-Brian

bhoops Wed, 02/04/2009 - 07:57

From the Clients -> Details screen on the WLC...

CLIENT PROPERTIES
MAC Address 00:1a:73:ed:bf:ca
IP Address 10.30.1.12
Client Type Regular
User Name guest
Port Number 1
Interface management
VLAN ID 0
CCX Version CCXv4
E2E Version Not Supported
Mobility Role Local
Mobility Peer IP Address N/A
Policy Manager State RUN
Mirror Mode Disable
Management Frame Protection No

SECURITY INFORMATION
Security Policy Completed Yes
Policy Type N/A
Encryption Cipher None
EAP Type N/A
NAC State Access

QUALITY OF SERVICE PROPERTIES
WMM State Enabled
U-APSD Support Disabled
QoS Level Bronze
Diff Serv Code Point (DSCP) disabled
802.1p Tag disabled
Average Data Rate disabled
Average Real-Time Rate disabled
Burst Data Rate disabled
Burst Real-Time Rate disabled

Stephen Rodriguez Thu, 02/05/2009 - 08:21

When you are trying to use AAA to change the VLAN the client is using on a WLC, you don't use the VLAN number, you use the interface name. So for:

Radius-IETF Tunnel-Private-Group-ID

use the interface name and not the VLAN number.

HTH,

Steve

bhoops Thu, 02/05/2009 - 08:51

Steve, thank you for your response; however, changing it to the interface name did not change the result. The VLAN is still untagged and using the management interface.

Do you have any other suggestions I can try?

Thanks,

Brian
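Added example, not part of the thread: one way to check what the ACS actually returns is to decode the attribute section of the Access-Accept from a packet capture and confirm that the three tunnel attributes are present, carry the expected values, and share one tag. The attribute numbers and values are those of RFC 2868 and RFC 3580; the function names (`attr`, `parse_attributes`, `vlan_assignment`) are hypothetical and the sample bytes are constructed from the values in the first post.

```python
# Attribute numbers and values as defined in RFC 2868 and RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}   # VLAN, IEEE-802

def attr(a_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([a_type, len(value) + 2]) + value

def parse_attributes(blob):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return attrs

def vlan_assignment(blob):
    """Return (group_id, problems) for the tunnel attributes in an Access-Accept."""
    found, problems = {}, []
    for a_type, value in parse_attributes(blob):
        if a_type in EXPECTED:
            if len(value) != 4:
                problems.append("attribute %d: expected 4 value bytes" % a_type)
                continue
            # One tag byte, then a 3-byte big-endian value.
            found[a_type] = (value[0], int.from_bytes(value[1:], "big"))
        elif a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # The first byte is a tag only when it is <= 0x1F, otherwise it is data.
            tagged = value[0] <= 0x1F
            data = value[1:] if tagged else value
            found[a_type] = (value[0] if tagged else 0, data.decode("ascii", "replace"))
    for a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID):
        if a_type not in found:
            problems.append("attribute %d missing" % a_type)
        elif a_type in EXPECTED and found[a_type][1] != EXPECTED[a_type]:
            problems.append("attribute %d: value %d, expected %d"
                            % (a_type, found[a_type][1], EXPECTED[a_type]))
    if len({tag for tag, _ in found.values()}) > 1:
        problems.append("tunnel attributes carry different tags")
    return found.get(TUNNEL_PRIVATE_GROUP_ID, (0, None))[1], problems

# Constructed sample: the three values configured on the ACS in the first post.
SAMPLE = (attr(TUNNEL_MEDIUM_TYPE, (6).to_bytes(4, "big")) +
          attr(TUNNEL_TYPE, (13).to_bytes(4, "big")) +
          attr(TUNNEL_PRIVATE_GROUP_ID, b"44"))

if __name__ == "__main__":
    print(vlan_assignment(SAMPLE))
```

An empty problem list only shows that the reply on the wire is well formed; it says nothing about how the controller maps the group ID to an interface.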
