09-19-2010 07:21 PM - edited 07-03-2021 07:11 PM
Hi,
I need to configure AP with WLAN controller for guest access. we have 2 vlans. vlan 1 - guess vlan (internet only access) and vlan 2 - all access.
while configuring wlan controller. which vlan should i configure as native vlan? I have radius server which would check health of the user and would direct wlan controller to put in user in vlan 1 or 2 depending on its credentials.
please advise how to implement it. what would be initial steps.
09-20-2010 10:58 PM
Hi,
I have couple of doubts before going further for solution to implement ?
What model of wlan controller & AP , you are using ?
to configure the Controller , initially you need to configure the interface ( which are virtual ) .
You need to connect controller to your existing LAN set-up may be one of the port of your core switch ............
below are the interface which you need to configure in controller .......
1) Management interface with IP ( which will be used to access your controller from lan ... ) this is ip should be able to ping from the network.
2) AP manager IP ( this is again depend on model ) if it is 5500 , this is not required ..
3) Virtual IP : this is should the IP address which is not at all there in your lan eq.1.1.1.1
4) dynamic interface with IP : this is the interface which will map your vlan to WLAN
once you create the mentioned interfaces , you need to create the wlan and map the above dynamic interface with respective wlan.if required you can configure the DHCP pool as well in controller for Wlan.
let me know , whether this information helped you ........................
09-20-2010 11:16 PM
I'm using wlan controller 4402 and AP 1242AG.
since i'm concerned about two vlans, will i have to configure two wlan? which vlan should user land up first before Radius server decided the final vlan?
09-21-2010 07:12 PM
Irfan,
I would encourage you to read the following links to aid you with your configuration.
- The below link is an example of Dynamic VLAN assignment. This will show you how to configure the WLC and Cisco ACS.
09-21-2010 10:25 PM
Hi,
Mr. George has given you exact link from where , you will get information about dynamic vlan assignment. Please go through it and let us know , if you have any further query.
11-17-2010 08:32 AM
Hi,
could you tell me if it should work using L3/webauth instead of 802.1x? the WLC retrieves the new vlan-id from the ACS but it is not applied properly on the WLAN itf
11-17-2010 09:26 AM
You cannot do vlan assignement with web authentication for a very simple reason :
-Before it is authenticated, the client is allowed to get an ip address in order to access to the web page.
-If it has already an ip address, we can't change its vlan after authentication because it would push the client into another subnet making its ip meaningless ....
Hope this helps
Nicolas
---
Don't forget to rate answers that you find useful
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide