Integrating a Wired 802.1X Network With a Wireless 802.1X Network
We currently have a Wired 802.1x network using Cisco 3500 and 2900 series switches.
We are adding wireless network using LWAPP and a 2106 WLC. The issue I have is that I cannot restrict users logging into different SSID's.
So on the Wired network User A logs on and is placed on VLAN A and User B goes on VLAN B. On the Wireless side I assign each SSID to a certain VLAN but I am finding that the WLC2106 is not reading the VLAN info(it makes sense seeing as it does not use VTP Trunks). So I configured a NonIP NAR on the ACS server but I found that if I apply this to VLAN A only UserA is allowed to access the SSID A but it breaks the Wired 802.1X(wired does not send the DNIS attribute, or if it does I do not know what it is). If I add a second condition with all * then allow if either condition is met I again open up WLan A to all users authenticating.
Right now the only way I can see this working is if I have two separate Radius servers(one for Wireless and one for Wired) or if Cisco makes a Controller that allows trunking and is smart enough to read the VLAN settings on the Wired side.
Re: Integrating a Wired 802.1X Network With a Wireless 802.1X Ne
I guess I made it more difficult then it was:)
I was assuming that because the 2106 could not do VTP it would not know what vlan names mapped to what vlan numbers, as well as my ignorance on how the Wireless assigns vlans/access.
I created a new SSID with the Interface placed on the Guest network then did the AAA overide and that allowed me to restrict access. I am sure that link you sent probably described it, I just thought it was going to be more difficult then it ended up being:)
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...