Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Dynamic VLAN on Access Point using RADIUS

Hi.

I am using a single Cisco 1130AG authenticating to RADIUS on Microsoft IAS (I do NOT have a WLC)

I was wondering is it possible to use one flat SSID in my network and then dynamically assign VLANs to users based on matching of RADIUS Policy and RADIUS Return attributes?

I have configured the attributes on radius as per documentation;

* IETF 64 (Tunnel Type)—Set this to VLAN.

* IETF 65 (Tunnel Medium Type)—Set this to 802.

* IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID.

The returned VLAN ID exists on the Access Point and direct connection to the SSID without the return value works okay.

Each time I connect the VLAN just defaults to the native VLAN for the SSID

I think it may be impossible without WLC!

HELP!!

3 REPLIES
Community Member

Re: Dynamic VLAN on Access Point using RADIUS

I believe this is the problem

•RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs.

Is there any way around this?

I have noticed through "show dot11 associations all-client" that the VLAN is correctly changed through RADIUS, however no traffic seems to be received on the new VLAN and the device cannot DHCP.

Any ideas?

Community Member

Re: Dynamic VLAN on Access Point using RADIUS

I was wondering if you ever received clarification on this? I have an autonomous 1252 access point that I wanted to configure dynamic VLAN assignment for. I currrently have a WLC configured with MS IAS for dynamic VLAN assignment and everything is working properly. However I have one small building with one access point and I wanted to configured dynamic VLANs without a WLC.

Thx.

Joe

Community Member

Re: Dynamic VLAN on Access Point using RADIUS

From what I found when using MBSSID it appears you cannot use dynamic VLANs.

However you can use a single broadcasted SSID and various non-broadcast SSIDs with dynamic VLANs.

Ideally a single SSID and dynamic VLANs via dot1x would be fine for my setup.

However I have a specific wireless device which cannot use dot1x/EAP and therefore I need an second broadcast SSID to use for this. Which then causes the dynamic VLAN setup not to work.

224
Views
0
Helpful
3
Replies
CreatePlease to create content