Cisco Support Community

New Member

setting wireless vlan by radius

Hi all,

One of our customers would like to assign the VLAN that a user is put in after authentication, in a centralized way, using a RADIUS server (Radiator).

LEAP is working well, but the RADIUS server doesn't seem to pass the attributes for the VLAN setting to the AP 1100 we're using.

The configuration of the AP is:

AP251-Piano1_1#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C1100 Software (C1100-K9W7-M), Version 12.2(8)JA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

AP251-Piano1_1 uptime is 23 hours, 35 minutes

System returned to ROM by power-on

System image file is "flash:/c1100-k9w7-mx.122-8.JA/c1100-k9w7-mx.122-8.JA"

Product/Model Number : AIR-AP1120B-E-K9

Configuration register is 0xF

AP251-Piano1_1#sh run

Building configuration...

Current configuration : 2932 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname AP251-Piano1_1

!

aaa new-model

!

!

aaa group server radius RADIUS

server 150.1.244.71 auth-port 1812 acct-port 1813

!

aaa authentication login RADIUS group radius

aaa accounting update periodic 5

aaa accounting network RADIUS start-stop group radius

aaa session-id common

enable secret <snip>

enable password <snip>

!

ip subnet-zero

!

dot11 holdoff-time 5

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

encryption key 1 size 128bit <snip> transmit-key

!

encryption vlan 151 mode wep mandatory

!

encryption vlan 150 mode wep mandatory

!

broadcast-key change 300

!

ssid uni150

vlan 150

authentication open eap RADIUS

infrastructure-ssid

!

ssid uni151

vlan 151

authentication open eap RADIUS

authentication network-eap RADIUS

accounting RADIUS

!

speed basic-1.0 2.0 5.5 11.0

rts threshold 2312

station-role root fallback repeater

no cdp enable

dot1x reauth-period server

!

interface Dot11Radio0.150

encapsulation dot1Q 150 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.151

encapsulation dot1Q 151

no ip route-cache

no cdp enable

bridge-group 151

bridge-group 151 subscriber-loop-control

bridge-group 151 block-unknown-source

no bridge-group 151 source-learning

no bridge-group 151 unicast-flooding

bridge-group 151 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

!

interface FastEthernet0.150

encapsulation dot1Q 150 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.151

encapsulation dot1Q 151

no ip route-cache

bridge-group 151

no bridge-group 151 source-learning

bridge-group 151 spanning-disabled

!

interface BVI1

ip address 172.16.150.251 255.255.255.0

no ip route-cache

!

ip default-gateway 172.16.150.1

ip http server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/ivory/1100

ip radius source-interface BVI1

snmp-server community eolo RO

radius-server host 150.1.244.71 auth-port 1812 acct-port 1813 non-standard

radius-server retransmit 10

radius-server timeout 20

radius-server deadtime 1

radius-server attribute 32 include-in-access-req format %h

radius-server key xxxxx

radius-server vsa send accounting

radius-server vsa send authentication

bridge 1 route ip

---------

The Radiator users configuration is:

############################

#LEAP

############################

pippo Password="xxxx"

Tunnel-Type= VLAN,

Tunnel-Medium-Type= 802,

Tunnel-Private-Group-ID = "150",

cisco-avpair = "ssid=uni151"

------------

Has anyone already encountered the same problem?

Any hints?

TIA.
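
Added example, not part of the original post: a Python decoder for the attribute section of a RADIUS Access-Accept (the bytes after the 20-byte header, for instance copied from a packet capture) that reports whether the three tunnel reply items from the users file above arrive in the form RFC 2868 and RFC 3580 define for VLAN assignment. The function names and sample bytes are constructed for illustration.

```python
# RFC 2868 attribute numbers and the RFC 3580 values for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def parse_attributes(data):
    """Split a RADIUS attribute section into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return attrs

def vlan_assignment(data):
    """Return the VLAN ID string an Access-Accept assigns, or None."""
    tunnels = {}  # tag -> {attribute type: decoded value}
    for atype, value in parse_attributes(data):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag octet followed by a 3-octet integer.
            tag, num = value[0], int.from_bytes(value[1:], "big")
            tunnels.setdefault(tag, {})[atype] = num
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet above 0x1F is string data, not a tag.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[atype] = text.decode("ascii", "replace")
    # All three attributes must be present under the same tag.
    for t in tunnels.values():
        if (t.get(TUNNEL_TYPE) == TYPE_VLAN
                and t.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_IEEE_802
                and TUNNEL_PRIVATE_GROUP_ID in t):
            return t[TUNNEL_PRIVATE_GROUP_ID]
    return None

def attr(atype, value):
    """Encode one attribute as type, length, value (helper for the samples)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: the three reply items from the users file, tag 0.
SAMPLE = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
          + attr(81, b"150"))
# Constructed sample with Tunnel-Medium-Type missing: no assignment.
INCOMPLETE = attr(64, b"\x00\x00\x00\x0d") + attr(81, b"150")

if __name__ == "__main__":
    print(vlan_assignment(SAMPLE), vlan_assignment(INCOMPLETE))
```

If the decoder returns None for a captured Access-Accept, the attributes are missing or malformed on the wire and the server side is the place to look; if it returns the VLAN ID, the server is sending them and the question moves to the AP.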

2 REPLIES
New Member

Re: setting wireless vlan by radius

Isn't the VLAN assignment tied to the SSID?

New Member

Re: setting wireless vlan by radius

On IAS I had to use 10031 for VLAN 31...

Maybe you can change the Tunnel-Private-Group-ID to 10150 and see if that works...

Don Hickey
