Cisco 2504, internal wlan set to vlan 1 will not authenticate to Radius Server
I am getting ready to deploy a Cisco 2504 WLC.
I have three wlan interfaces set up on the WLC:
management - vlan 50 on port 1
internal - vlan 1 uses radius to authenticate users on port 3
guest - vlan 20 - open with web-auth on port 2
The internal network uses a radius server to authenticate.
When the internal wlan interface is set to vlan 1, it does not communicate to the Radius server. However, if I set the internal wlan interface to vlan10, everything works. I have checked the logs of the radius server; when it is set to vlan1 it doesn't even attempt to communicate with it.
If I set the internal interface on vlan1 not to authenticate to the radius server then it will work.
Re: Cisco 2504, internal wlan set to vlan 1 will not authenticat
If you have the vlan set to 1, for interface inside, it will send all the traffic tagged with vlan 1. On the switch, you have not specified the switchport trunk native vlan, so by default the native is 1. When a dot1q trunk receives traffic with its own native vlan set, it will drop the packet.
So you can either change the interface inside to be vlan 0 (untagged), or even better, set the switchport trunk native vlan on f0/10 to be an invalid vlan. That way, if any traffic happens to hit it without a tag, it will get dropped into the bit bucket.
Further, you should not place any server the clients or WLC need to speak with in a subnet the WLC has a dynamic interface for. The WLC should be sending all of its requests via the management interface, but if the server is in a dynamic interface's range, it will send to the closer match.
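
A check for the mismatch described in the reply above, as an added example that is not part of the original thread: it parses a switch config and reports trunk ports whose native VLAN equals a VLAN the WLC tags on that link. The sample config, the port-to-WLC mapping and the function names are constructed for illustration.

```python
import re

# Constructed sample switch config (not from the original thread); interface
# names and VLAN numbers are illustrative only.
SAMPLE_CONFIG = """\
interface FastEthernet0/10
 description WLC port 3 (internal)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/11
 description WLC port 2 (guest)
 switchport mode trunk
 switchport trunk native vlan 999
!
interface FastEthernet0/12
 switchport mode access
 switchport access vlan 50
"""

def trunk_native_vlans(config):
    """Return {interface: native VLAN} for every trunk port in an IOS config."""
    trunks = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        m = re.match(r"interface (\S+)", block)
        if not m or not re.search(r"^\s*switchport mode trunk\s*$", block, re.M):
            continue
        native = re.search(r"^\s*switchport trunk native vlan (\d+)\s*$", block, re.M)
        # IOS omits the native VLAN line when it is the default, VLAN 1.
        trunks[m.group(1)] = int(native.group(1)) if native else 1
    return trunks

def find_conflicts(config, wlc_tagged):
    """wlc_tagged maps switch port -> VLAN IDs the WLC tags on that link
    (a WLC interface with VLAN 0 is untagged and is not listed)."""
    natives = trunk_native_vlans(config)
    return sorted(
        (port, vlan)
        for port, vlans in wlc_tagged.items()
        for vlan in vlans
        if natives.get(port) == vlan
    )

if __name__ == "__main__":
    # Assumed mapping: internal WLAN interface tagged VLAN 1 on f0/10.
    tagged = {"FastEthernet0/10": [1], "FastEthernet0/11": [20]}
    for port, vlan in find_conflicts(SAMPLE_CONFIG, tagged):
        print(f"{port}: WLC tags VLAN {vlan}, which is this trunk's native VLAN")
```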