Occasional Contributor II

802.1x with Cisco WLC unable to change VLAN

I am trying to configure a Cisco WLC using flex connect, with authentication via the WLC.

My setup is as such:

AP(remote) -> Switch(remote) -> Router(remote) -> WAN -> Router(hq) -> Switch(hq) -> WLC(hq)

I have configured WLAN-VLAN mapping under flexconnect to, let's say, VLAN10, and I am able to get the VLAN10 IP address assigned by the remote site. However, I don't know why I can't switch the VLAN even when AAA override is enabled and NAC state is set as Radius NAC.

Can someone advise what is missing? I am pretty sure that my ClearPass service policy is correct.

Am I missing anything?

Re: 802.1x with Cisco WLC unable to change VLAN

Here we can probably mainly help out on the Aruba side. If you want some feedback then you better post your ClearPass service details; now we can only believe you did it right.

For the Cisco side you are probably better off asking on a Cisco forum.

Occasional Contributor II

Re: 802.1x with Cisco WLC unable to change VLAN

Hi

I have done this in the past but it was a little while ago. When responding you need to make sure that you are sending the correct attributes back and that the VLAN exists on the access point. If the VLAN is not defined on the access point then it does not know how to handle it.

If I remember correctly it was a matter of adding the additional VLANs to the AAA-VLAN ACL section under the Flex-Connect Group. You can leave the ACL section blank and just add the VLANs. I believe there is a maximum of 12 VLANs on a Flex-Connect AP as well.

Thanks
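Added example, not part of any post in this thread: a Python check of the two conditions the reply above names, that the Access-Accept carries the VLAN attributes and that the VLAN exists on the AP. It assumes the standard RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) and a numeric VLAN ID; the function names, the sample packet and the AP VLAN list are constructed for illustration.

```python
import struct

# RFC 2868 tunnel attributes that RFC 3580 uses for dynamic VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

def parse_attributes(packet: bytes) -> dict[int, bytes]:
    """Return {attribute type: value} from a RADIUS packet (20-byte header)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def check_vlan_override(packet: bytes, ap_vlans: set[int]) -> list[str]:
    """List the reasons the AP could not apply the VLAN in this Access-Accept."""
    attrs, problems = parse_attributes(packet), []
    for atype, want, name in ((TUNNEL_TYPE, TYPE_VLAN, "Tunnel-Type=VLAN(13)"),
                              (TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802, "Tunnel-Medium-Type=IEEE-802(6)")):
        value = attrs.get(atype, b"")
        # Value is a 1-byte tag followed by a 3-byte integer.
        if len(value) != 4 or int.from_bytes(value[1:], "big") != want:
            problems.append(f"missing or wrong {name}")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:      # a leading byte of 0x00-0x1F is a tag
        group = group[1:]
    vlan = group.decode("ascii", "replace")
    if not vlan.isdigit():
        problems.append("Tunnel-Private-Group-ID is not a numeric VLAN ID")
    elif int(vlan) not in ap_vlans:
        problems.append(f"VLAN {vlan} is not defined on the AP")
    return problems

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def access_accept(*attributes: bytes) -> bytes:
    """Build a constructed Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(attributes)
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: the reply assigns VLAN 20, the AP only knows 10 and 30.
SAMPLE = access_accept(attr(64, b"\x00\x00\x00\x0d"), attr(65, b"\x00\x00\x00\x06"),
                       attr(81, b"20"))
AP_VLANS = {10, 30}   # hypothetical VLANs added to the FlexConnect group
print(check_vlan_override(SAMPLE, AP_VLANS))
```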
