Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RADIUS Dynamic VLAN Assignment with configured WDS. Is it possible?

We have some APs (AP1, AP2, etc) with confugured WDS on one AP.

On APs configured two SSID with two static assigned VLANs:

dot11 ssid K-Internet
   vlan 3
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii <WPA Key>
dot11 ssid K-Private
   vlan 1
   authentication open eap EAP_WDS
   authentication network-eap EAP_WDS
   authentication key-management wpa
   mbssid guest-mode
interface Dot11Radio0
encryption vlan 1 mode ciphers aes-ccm tkip
encryption vlan 3 mode ciphers aes-ccm tkip
broadcast-key vlan 1 change 900
broadcast-key vlan 3 change 900
ssid K-Internet
ssid K-Private
wlccp ap username <USERNAME> password <PASSW>


aaa authentication login WDS_Auth_Client group rad_eap

wlccp ap username <USERNAME> password <PASSW>
wlccp authentication-server infrastructure WDS_Auth_Infrastructure
wlccp authentication-server client any WDS_Auth_Client
wlccp wds priority 100 interface BVI1

All works Ok with EAP-FAST authentication on Cisco ACS RADIUS.
But now I want to use per user Dynamic VLAN Assignment.
(IETF RADIUS Attributes 64,65,81)

I want to connect to SSID K-Private and move to VLAN 3 for example.

On WDS AP I see:

WDS-AP# show wlccp wds mn detail

MAC: 0015.af95.3d52,  IP-ADDR:,  State: REGISTERED
BSS: 0019.a9b6.70a1, SSID: K-Private
Vlan Assigned by AAA: 3   ( <--- VLAN 3, All Ok)
Ntwrk-ID:   -
Key Mgmt: None,  Authentication: EAP

But on AP1 nothing changed:

AP1# show dot11 associations all-client

Address           : 0015.af95.3d52     Name             : NONE
IP Address        :       Interface        : Dot11Radio 0

State             : EAP-Assoc          Parent           : self
SSID              : K-Private
VLAN              : 1     ( <--- VLAN 1 )
Key Mgmt type     : WPAv2-CP           Encryption       : AES-CCMP

What I need to configure to make this feature worked?
Thanks for your help.

Everyone's tags (3)