RADIUS Dynamic VLAN Assignment with configured WDS. Is it possible?

Unanswered Question
Feb 6th, 2010
User Badges:

We have some APs (AP1, AP2, etc) with confugured WDS on one AP.

On APs configured two SSID with two static assigned VLANs:

dot11 ssid K-Internet
   vlan 3
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii <WPA Key>
dot11 ssid K-Private
   vlan 1
   authentication open eap EAP_WDS
   authentication network-eap EAP_WDS
   authentication key-management wpa
   mbssid guest-mode
interface Dot11Radio0
encryption vlan 1 mode ciphers aes-ccm tkip
encryption vlan 3 mode ciphers aes-ccm tkip
broadcast-key vlan 1 change 900
broadcast-key vlan 3 change 900
ssid K-Internet
ssid K-Private
wlccp ap username <USERNAME> password <PASSW>


aaa authentication login WDS_Auth_Client group rad_eap

wlccp ap username <USERNAME> password <PASSW>
wlccp authentication-server infrastructure WDS_Auth_Infrastructure
wlccp authentication-server client any WDS_Auth_Client
wlccp wds priority 100 interface BVI1

All works Ok with EAP-FAST authentication on Cisco ACS RADIUS.
But now I want to use per user Dynamic VLAN Assignment.
(IETF RADIUS Attributes 64,65,81)

I want to connect to SSID K-Private and move to VLAN 3 for example.

On WDS AP I see:

WDS-AP# show wlccp wds mn detail

MAC: 0015.af95.3d52,  IP-ADDR:,  State: REGISTERED
BSS: 0019.a9b6.70a1, SSID: K-Private
Vlan Assigned by AAA: 3   ( <--- VLAN 3, All Ok)
Ntwrk-ID:   -
Key Mgmt: None,  Authentication: EAP

But on AP1 nothing changed:

AP1# show dot11 associations all-client

Address           : 0015.af95.3d52     Name             : NONE
IP Address        :       Interface        : Dot11Radio 0

State             : EAP-Assoc          Parent           : self
SSID              : K-Private
VLAN              : 1     ( <--- VLAN 1 )
Key Mgmt type     : WPAv2-CP           Encryption       : AES-CCMP

What I need to configure to make this feature worked?
Thanks for your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion

Related Content



Trending Topics - Security & Network