Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
516
Views
4
Helpful
3
Replies

WLC and AAA - one SSID and more VLANs

Go to solution
elkono200
Level 1
Level 1

‎06-13-2007 05:19 AM - edited ‎07-03-2021 02:12 PM

hi,

i have an ACS 4.1, AP1242, WLC4404 and Catalyst 3750, and an Win2003 DHCP Server

Switch Interface Config:

interface Vlan10

ip address 10.70.170.1 255.255.255.0

ip helper-address 192.168.12.10

interface Vlan20

ip address 10.70.171.1 255.255.255.0

ip helper-address 192.168.12.10

at the WLC i have configured one SSID with

- Allow AAA Override

- Layer2 Sec: [WPA1,TKIP+WPA2,AES]

- ACS 4.1 AAA

- Key Management: 802.1x

one SSID mapped to the management interface. and 2 VLANS with different interfaces:

VLAN-ID1: 10

Interface-1:

IP Address 10.70.170.2

Netmask 255.255.255.0

Gateway 10.70.170.1

DHCP: 192.168.12.10

VLAN-ID2: 20

Interface-2:

IP Address 10.70.171.2

Netmask 255.255.255.0

Gateway 10.70.171.1

DHCP: 192.168.12.10

at the acs i have 2 users and two groups. Group1-User1 and Group2-User2 with the aaa attributes to change the vlan on login.

[006] Service-Type: Authenticate only

[064] Tunnel-Type: VLAN

[065] Tunnel-Medium-Type: 802

[081] Tunnel-Private-Group-ID: <VLAN-ID-1> or <VLAN-ID-2>

my problem is, that the user will authenticate successfully, and also the Vlan and Interface assignment is correct,

but the ip-address that the user will get is always the IP-Range from Interface2 (VLAN20). So when the USER2 authenticates, he get the VLAN2,

and the right interface and the right IP Adress and the communication is right.

but the USER1 gets the interface1 and VLAN10, but the IP from Interface2 (VLAN20).

what can it be?

thx

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
fmeetz
Level 4
Level 4

‎06-20-2007 08:25 AM

Check for the DHCP configuration on Winodws 2003 server and make sure address from both the Ranges are configured.

View solution in original post

3 Replies 3

Go to solution
fmeetz
Level 4
Level 4

‎06-20-2007 08:25 AM

Check for the DHCP configuration on Winodws 2003 server and make sure address from both the Ranges are configured.

Go to solution
elkono200
Level 1
Level 1
In response to fmeetz

‎06-20-2007 11:26 PM

after a long time of tests, i found the problem. it was the DHCP Server, i installed a new one, and now its all ok...

thx

0 Helpful

Go to solution
Richard Atkin
Level 4
Level 4

‎06-27-2007 11:43 AM

FYI - If you're using ACS v4.1, you can also achieve this using the Airespace Attributes, by specifying the WLC interface name in the appropriate section.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card