WLAN Controller configuration help needed


I need to configure AP with WLAN controller for guest access. we have 2 vlans. vlan 1 - guess vlan (internet only access) and vlan 2 - all access.

while configuring wlan controller. which vlan should i configure as native vlan? I have radius server which would check health of the user and would direct wlan controller to put in user in vlan 1 or 2 depending on its credentials.

please advise how to implement it. what would be initial steps.

I have couple of doubts before going further for solution to implement ?

What model of wlan controller & AP , you are using ?

to configure the Controller , initially you need to configure the interface ( which are virtual ) .

You need to connect controller to your existing LAN set-up may be one of the port of your core switch ............

below are the interface which you need to configure in controller .......

1) Management interface with IP ( which will be used to access your controller from lan ... ) this is ip should be able to ping from the network.

2) AP manager IP ( this is again depend on model ) if it is 5500 , this is not required ..

3) Virtual IP : this is should the IP address which is not at all there in your lan eq.

4) dynamic interface with IP : this is the interface which will map your vlan to WLAN

once you create the mentioned interfaces , you need to create the wlan and map the above dynamic interface with respective wlan.if required you can configure the DHCP pool as well in controller for Wlan.

let me know , whether this information helped  you ........................

I'm using wlan controller 4402 and AP 1242AG.

since i'm concerned about two vlans, will i have to configure two wlan? which vlan should user land up first before Radius server decided the final vlan?

I would encourage you to read the following links to aid you with your configuration.

- The below link is an example of Dynamic VLAN assignment. This will show you how to configure the WLC and Cisco ACS.

Dynamic VLAN Assignment with RADIUS Server and Wireless LAN Controller Configuration Example

Mr. George has given you exact link from where , you will get information about dynamic vlan assignment. Please go through it and let us know , if you have any further query.

could you tell me if it should work using L3/webauth instead of 802.1x? the WLC retrieves the new vlan-id from the ACS but it is not applied properly on the WLAN itf

You cannot do vlan assignement with web authentication for a very simple reason :

-Before it is authenticated, the client is allowed to get an ip address in order to access to the web page.

-If it has already an ip address, we can't change its vlan after authentication because it would push the client into another subnet making its ip meaningless ....

