Security

 View Only
last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

802.1x with Cisco WLC unable to change VLAN

This thread has been viewed 11 times

  • 1.  802.1x with Cisco WLC unable to change VLAN

    Posted Oct 15, 2015 11:15 PM

    i am trying to configure a Cisco WLC using flex connect with authentication is via the WLC.

    my setup is as such:

    AP(remote) -> Switch(remote) -> Router(remote) -> WAN -> Router(hq) -> Switch(hq) -> WLC(hq)

     

    I have configured WLAN-VLAN mapping under flexconnect to let say VLAN10, i am able to get the VLAN10 IP address assigned by the remote site. However I don't know why I can't switch the VLAN even when AAA override is enabled and NAC state is set as Radius NAC.

     

    Can someone advise what is missing? I am pretty sure that my clearpass service policy is correct.

     

    Am I missing anything?



  • 2.  RE: 802.1x with Cisco WLC unable to change VLAN

    Posted Oct 24, 2015 07:54 AM

    here we can probably mainly help out on the Aruba side, if you want some feedback then you better post your Clearpass service details, now we can only believe you did it right.

     

    for the Cisco side you are probably better of asking on a Cisco forum.



  • 3.  RE: 802.1x with Cisco WLC unable to change VLAN

    Posted Nov 03, 2015 05:35 AM

    Hi 

     

    I have done this in the past but it was a little while ago. When responding you need to make sure that you are sending the correct attributes back and that the VLAN exists on the access point. If the vlan is not defined on the access point then it does not know how to handle it.

     

    If I remember correctly it was a matter of adding the additional vlans to the AAA-VLAN ACL section under the Flex-Connect Group. You can leave the ACL section blank and just add the VLAN's. I believe there is a maximum of 12 VLAN's on a Flec-Connect AP as well.

     

    Thanks



  • 4.  RE: 802.1x with Cisco WLC unable to change VLAN

    Posted Nov 23, 2021 01:38 PM
    I know is an old thread but the way to make it work, like you said is config vlan mapping in the flexconnect group


    In my setup the vlan 102 is used for the APs and 103 is used for the clients. The switch port has the 102 as native/untagged and the 103 as tagged/trunked

    Hope this helps, it took me a little while to find the solution and how to do it since I don't manage Cisco's wlc

    ------------------------------
    Ulises Cazares
    ------------------------------

    Original Message