I have an ACS 4.1, AP1242, WLC4404 and Catalyst 3750, and a Win2003 DHCP server.
Switch Interface Config:
ip address 10.70.170.1 255.255.255.0
ip helper-address 192.168.12.10
ip address 10.70.171.1 255.255.255.0
At the WLC I have configured one SSID with
- Allow AAA Override
- Layer2 Sec: [WPA1,TKIP+WPA2,AES]
- ACS 4.1 AAA
- Key Management: 802.1x
One SSID mapped to the management interface, and 2 VLANs with different interfaces:
IP Address 10.70.170.2
IP Address 10.70.171.2
At the ACS I have 2 users and two groups, Group1-User1 and Group2-User2, with the AAA attributes to change the VLAN on login.
 Service-Type: Authenticate only
 Tunnel-Type: VLAN
 Tunnel-Medium-Type: 802
 Tunnel-Private-Group-ID: <VLAN-ID-1> or <VLAN-ID-2>
My problem is that the user authenticates successfully, and the VLAN and interface assignment is also correct,
but the IP address that the user gets is always from the IP range of Interface2 (VLAN20). So when USER2 authenticates, he gets VLAN2,
the right interface and the right IP address, and the communication is right.
But USER1 gets Interface1 and VLAN10, but the IP from Interface2 (VLAN20).
What can it be?
Check the DHCP configuration on the Windows 2003 server and make sure addresses from both ranges are configured.
After a long time of tests, I found the problem. It was the DHCP server. I installed a new one, and now it's all OK...
FYI - If you're using ACS v4.1, you can also achieve this using the Airespace Attributes, by specifying the WLC interface name in the appropriate section.
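
The symptom in this thread (RADIUS assigns the right VLAN, but the DHCP lease comes from the other VLAN's range) can be checked mechanically. The following is an added example, not part of the original posts: it compares each session's VLAN attributes with the client's leased address. The VLAN-to-subnet mapping, the user names and the sample sessions are assumptions constructed from the addresses quoted in the question.

```python
import ipaddress

# Assumption: VLAN 10 uses the 10.70.170.0/24 interface, VLAN 20 the 10.70.171.0/24 one.
VLAN_SUBNETS = {
    "10": ipaddress.ip_network("10.70.170.0/24"),
    "20": ipaddress.ip_network("10.70.171.0/24"),
}
# Attributes that must accompany Tunnel-Private-Group-ID for dynamic VLAN assignment.
REQUIRED = {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "802"}


def check_session(attrs, client_ip):
    """Return a list of findings for one authenticated client session."""
    findings = []
    for name, want in REQUIRED.items():
        if attrs.get(name) != want:
            findings.append(f"{name} is {attrs.get(name)!r}, expected {want!r}")
    vlan = attrs.get("Tunnel-Private-Group-ID")
    subnet = VLAN_SUBNETS.get(vlan)
    if subnet is None:
        findings.append(f"VLAN {vlan!r} has no known interface subnet")
        return findings
    ip = ipaddress.ip_address(client_ip)
    if ip not in subnet:
        # Name the VLAN whose range the lease actually came from, if any.
        owner = next((v for v, n in VLAN_SUBNETS.items() if ip in n), None)
        where = f"VLAN {owner}" if owner else "no known VLAN"
        findings.append(
            f"lease {ip} is outside {subnet} (VLAN {vlan}); range belongs to {where}")
    return findings


def audit(sessions):
    """Map each user to the findings for that user's session."""
    return {user: check_session(attrs, ip) for user, attrs, ip in sessions}


def _attrs(vlan):
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "802",
            "Tunnel-Private-Group-ID": vlan}


# Constructed sample sessions reproducing the reported behaviour.
SESSIONS = [
    ("User1", _attrs("10"), "10.70.171.50"),  # right VLAN, lease from the other range
    ("User2", _attrs("20"), "10.70.171.51"),  # consistent
]

if __name__ == "__main__":
    for user, findings in audit(SESSIONS).items():
        print(user, "OK" if not findings else "; ".join(findings))
```

A finding of this kind means the client sits in one VLAN with an address from another, so it points at the DHCP scopes or relay path rather than at the RADIUS policy.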