10-15-2015 08:15 PM
i am trying to configure a Cisco WLC using flex connect with authentication is via the WLC.
my setup is as such:
AP(remote) -> Switch(remote) -> Router(remote) -> WAN -> Router(hq) -> Switch(hq) -> WLC(hq)
I have configured WLAN-VLAN mapping under flexconnect to let say VLAN10, i am able to get the VLAN10 IP address assigned by the remote site. However I don't know why I can't switch the VLAN even when AAA override is enabled and NAC state is set as Radius NAC.
Can someone advise what is missing? I am pretty sure that my clearpass service policy is correct.
Am I missing anything?
10-24-2015 04:53 AM
here we can probably mainly help out on the Aruba side, if you want some feedback then you better post your Clearpass service details, now we can only believe you did it right.
for the Cisco side you are probably better of asking on a Cisco forum.
11-03-2015 02:35 AM
I have done this in the past but it was a little while ago. When responding you need to make sure that you are sending the correct attributes back and that the VLAN exists on the access point. If the vlan is not defined on the access point then it does not know how to handle it.
If I remember correctly it was a matter of adding the additional vlans to the AAA-VLAN ACL section under the Flex-Connect Group. You can leave the ACL section blank and just add the VLAN's. I believe there is a maximum of 12 VLAN's on a Flec-Connect AP as well.