Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

WLC Web-Auth, ACS & VLAN Assignment

I have cisco lwapp setup with wlc and acs server. In the ACS i have two user groups provisioned. At the WLC, I have 1 SSID each for these two groups.

The target is to get each users in the pecified group eg group 1, to get into vlan 1. And the same goes to group 2 and vlan 2.

Right now, everyone can logon into any ssid using username from any group. We are using the web-auth method.

Any idea on how to restrict the users in specific group into a specific vlan?


Re: WLC Web-Auth, ACS & VLAN Assignment

although cisco's Identity Network can allocate different VLAN according to username, but it doesn't support web-auth, only support MAC filtering, 802.1X, and WPA at this moment. So if you have to use web-auth, the answer is no, if you can change it to be others such as 802.1x, you can do it by configure following tunnel attributes in ACS:

• Tunnel-Type=VLAN (13)

• Tunnel-Medium-Type=802

• Tunnel-Private-Group-ID=VLANID

New Member

Re: WLC Web-Auth, ACS & VLAN Assignment

yes. right.

I did that but seems doesn't work when authed using web-auth. Changing to other security method is not an option right now as the web-auth is more presentable to end users and less hassle to connect to the network itself.

CreatePlease to create content