Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VLAN assignment from ACS not applied

WLC 4402 5.2.157.0

ACS Express 5.0.0.18

We have an issue where the VLAN assigned on the ACS isn't applied on the 4402 WLC.

We have 'Allow AAA Override' checked on the WLAN, the QoS is overridden to bronze properly, but the VLAN stays at 0 and the interface at management. The VLAN interface is configured on the WLC.

On the ACS the following are configured for the RADIUS response:

Radius-IETF Tunnel-Medium-Type 802

Radius-IETF Tunnel-Type VLAN

Radius-IETF Tunnel-Private-Group-ID 44

Cisco Airespace Airespace-QoS-Level Bronze

The accounting log shows:

Wed, 04 Feb 2009 09:50:02

User-Name = guest

NAS-IP-Address = 10.30.1.2

NAS-Port = 1

Framed-IP-Address = 10.30.1.12

Called-Station-Id = 10.30.1.2

Calling-Station-Id = 10.30.1.12

NAS-Identifier = Cisco4402WLC

Acct-Status-Type = Start

Acct-Session-Id = 4989b927/00:1a:73:ed:bf:ca/2

Acct-Authentic = RADIUS

Airespace-WLAN-Id = 2

Thanks for any help or advice you can provide to troubleshoot this issue.

-Brian

4 REPLIES
New Member

Re: VLAN assignment from ACS not applied

From the Clients -> Details screen on the WLC...

CLIENT PROPERTIES

MAC Address 00:1a:73:ed:bf:ca

IP Address 10.30.1.12

Client Type Regular

User Name guest

Port Number 1

Interface management

VLAN ID 0

CCX Version CCXv4

E2E Version Not Supported

Mobility Role Local

Mobility Peer IP Address N/A

Policy Manager State RUN

Mirror Mode Disable

Management Frame Protection No

SECURITY INFORMATION

Security Policy Completed Yes

Policy Type N/A

Encryption Cipher None

EAP Type N/A

NAC State Access

QUALITY OF SERVICE PROPERTIES

WMM State Enabled

U-APSD Support Disabled

QoS Level Bronze

Diff Serv Code Point (DSCP) disabled

802.1p Tag disabled

Average Data Rate disabled

Average Real-Time Rate disabled

Burst Data Rate disabled

Burst Real-Time Rate disabled

Re: VLAN assignment from ACS not applied

when you are trying to use AAA to change the vlan the client is using on a WLC, you don't use the VLAN number, you use the interface name. So for :

Radius-IETF Tunnel-Private-Group-ID

use the interface name and not the VLAN number.

HTH,

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: VLAN assignment from ACS not applied

Steve, Thank you for your response, however changing it to the interface name did not change the result. The VLAN is still untagged and using the management interface.

Do you have any other suggestions I can try?

Thanks,

Brian

New Member

Re: VLAN assignment from ACS not applied

I also noticed the Radius-IETF Session-Timeout isn't being applied.

Based on http://www.cisco.com/en/US/products/ps6307/products_tech_note09186a0080870334.shtml it appears that isn't a supported attribute though.

364
Views
0
Helpful
4
Replies
CreatePlease login to create content