4402 controller with 4.0.602 code, MS XP Client, 802.1x authentication, device and user authentication:
The controller is configured with (2) SSIDs: Secure, Public.
There are (3) VLANs I want to place the devices in after user authentication (obviously machine authentication occurs prior to this). The (3) VLANs are Staff, Student and Faculty; numbered 10, 20 and 30.
Here is what happens.
The machine associates with the Secure SSID, authenticates and is placed in the student VLAN (20) - this is the VLAN I have assigned to the SSID by default.
I have aaa-override enabled.
A staff or faculty member logs on and is authenticated. The controller receives the new VLAN assignment from the RADIUS server. I can see this if I go to client details and it shows the IP address and VLAN assignment.
Here is the kicker - the IP address is still the original IP address it was assigned from the original machine authentication when it was placed in the student VLAN, not what it should be in the staff or faculty VLAN.
So I do an ipconfig /release and /renew at the client and I still get the same IP address, not one from the staff or faculty VLAN.
It appears as if the VLAN was sent to the controller but never really applied.
I am using the DHCP Server within the 4402 controller.
If you are centrally switching (AP not in HREAP), when the client connects the first time, they will get an IP from that DHCP in the assigned SSID. When you send the VLAN tag from the RADIUS/ACS server, the AP will tag the client traffic with the particular 802 tag. The controller will "proxy" the traffic into the VLAN you have sent; this is transparent to the client, the controller takes care of everything. - in theory, only seen this on a course... never been able to test!
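An added example, not part of the thread and not Cisco code: before blaming the controller or DHCP, it helps to confirm what VLAN the RADIUS Access-Accept really carries. This Python code decodes the attribute bytes and returns a VLAN only when the full tunnel attribute set is present. It assumes the RADIUS server signals the VLAN with the RFC 3580 attributes (Tunnel-Type 64, Tunnel-Medium-Type 65, Tunnel-Private-Group-ID 81); the function names and the sample bytes are constructed for illustration.

```python
# Added example: decode RFC 2868/3580 tunnel attributes from a RADIUS Access-Accept.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6  # values RFC 3580 defines for VLAN assignment


def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value (length covers the header)."""
    return bytes([atype, len(value) + 2]) + value


def parse_attributes(data: bytes):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    i = 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length {alen} on attribute {atype}")
        yield atype, data[i + 2:i + alen]
        i += alen


def vlan_override(data: bytes):
    """Return the VLAN from a complete tunnel attribute set, else None."""
    tunnels = {}  # tag -> {attribute type: decoded value}
    for atype, val in parse_attributes(data):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(val) != 4:
                raise ValueError(f"attribute {atype} must be tag + 3 octets")
            tunnels.setdefault(val[0], {})[atype] = int.from_bytes(val[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and val:
            # A first octet of 0x1F or less is treated here as a tag, not text.
            tag, text = (val[0], val[1:]) if val[0] <= 0x1F else (0, val)
            tunnels.setdefault(tag, {})[atype] = text.decode("ascii")
    for t in tunnels.values():
        if (t.get(TUNNEL_TYPE) == TT_VLAN
                and t.get(TUNNEL_MEDIUM_TYPE) == TMT_IEEE_802
                and t.get(TUNNEL_PRIVATE_GROUP_ID)):
            return t[TUNNEL_PRIVATE_GROUP_ID]
    return None


# Constructed sample attributes (not captured traffic), faculty VLAN 30.
FACULTY = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
           + attr(81, b"30"))
ID_ONLY = attr(81, b"30")  # VLAN ID without type/medium: not a valid set

if __name__ == "__main__":
    print(vlan_override(FACULTY), vlan_override(ID_ONLY))  # 30 None
```

The attribute bytes can be taken from a packet capture between the controller and the RADIUS server, starting after the 20-octet RADIUS header.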