Wireless Access

Reply
Occasional Contributor II

user role vlan issue

I am trying to setup assigning VLAN based on user role.  I have user roles CMISO (vlan 900) and CMAUTH (vlan 220) configured.  I have created a test VAP/ESSID where the inital role is CMISO but the client pulls an ip from the vlan of the mgmt interface of the controller (VLAN 10).  The only way to get the client to pull an address not from VLAN 10 is to set the VLAN under the VAP.  However it still ignores the VLAN setting in the user profile.

 

I am running 6.2.1.1

Re: user role vlan issue

 

You can set the VLAN under the user-role.

 

Is that VLAN is up and already exist on the controller ?

 

DO  the following:

 

show vlan

show profile-errors 

 

And also make sure that the VLAN is on your trunks back to the uplink switch if that is how you have it setup .

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: user role vlan issue

Trunks exist and are up.  If I set the VAP vlan to 900 or 220 I am able to pull an ip address in the appropriate vlan.  It is when the VAP vlan is "not configured" I pull from the mgmt vlan.

Occasional Contributor II

Re: user role vlan issue

I did a show profile-errors and there are none.

Re: user role vlan issue

 

 

Can you please share your user-role config ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: user role vlan issue

user-role CMAuth
vlan 220
access-list session allowall
access-list session v6-allowall

 

user-role CMISO
vlan 900
access-list session allowall
access-list session v6-allowall

Re: user role vlan issue

Make sure your aaa profile config for your VAP is configure to match the user role appropriately .

Are you trying to do Mac auth ? Do you have a Mac auth aaa profile ?

What type authentication are you using under your SSID profile ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: user role vlan issue

yes we are trying mac auth.  the aaa config in the vap point to the appropriate user roles.  

 

no auth under ssid profile

Re: user role vlan issue

It looks you on the right track

I have attached a couple screenshots see if any of those can help you out
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: user role vlan issue

Rebuilt my mac-auth profile and seems to be working again.  not sure what happened.  thx for help!!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: