Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs

Could someone please tell me is this 100% correct?

"RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs"

Any ideas why? Does anyone have a way around this?

As a workaround I was thinking of setting up one broadcast SSID for guests and one non-broadcast SSID for RADIUS assigned VLANs, however i'd prefer to have both broadcast due to numerous Vista and PDA connection issues.

3 REPLIES
Silver

Re: RADIUS-assigned VLANs are not supported when you enable mult

Hi,

here, on a Wlan Controller 4.2 based solution, is that Radius feature working.

It's important that you select the option "Allow AAA Override" in the SSID.

And on the Radius you need to set:

[064] Tunnel-Type

Tag 1 Value VLAN

[065] Tunnel-Medium-Type

Tag 1 Value 802

[081] Tunnel-Private-Group-ID

Tag 1 Value [the number of the VLAN]

Then you could even use the same SSID to assign the users into different VLANs ;)

But you need to have all VLANs configured as a virtual interface.

-

Patrick

New Member

Re: RADIUS-assigned VLANs are not supported when you enable mult

Hi.

Thanks for your reply.

That is what I would like to do; have one SSID and assign the users to different VLANs based on policy.

I have all the VLANs and subinterfaces set up correctly and working independently, but the VLAN assigment does not seem to work correctly.

If I do a "show dot11 association all-client" the RADIUS attribute appears to have altered the VLAN, but the device has no connectivity and cannot DHCP.

This is with 1130AG in autonomous mode and Microsoft IAS as RADIUS.

Apparently there may be a problem with mbssid and RADIUS assigned VLANs.

Silver

Re: RADIUS-assigned VLANs are not supported when you enable mult

I forget to add, I have all VLANs also as it's own SSID. This whole Radius assignement is more a protection issue in case the person tries to assign to the "wrong" ssid. But I do spread, in my case 4 VLans, all VLans also in their own SSID (3 of them hidden, one for the masses, public). Maybe you need to do that too.

Patrick

313
Views
0
Helpful
3
Replies
CreatePlease to create content