Dear Community,
If you are trying to build a MPSK network with dynamic VLANs, the VLAN is not persistent for the client.
We built a scenario where ClearPass is sending back the VLAN attribute to the AP and this is working fine. The AP has a mpskcache which shows the currently authenticated and idle clients with their VLAN. Once the client leaves the WLAN, the cache counter starts to count down (15 or 16 minutes). If the cache times out, a new authentication request is sent to ClearPass.
When the client connects back and the cache is still there, the client *should* receive it's saved VLAN. Currently there is a bug and the client is falling back to the SSIDs default VLAN.
Case is already active.
Keep this in mind if you are trying to build this solution with the current firmware 8.4.x and 8.5.0.0
First connect:
#show ap mpskcache
PPSK Cache Table
----------------
Client MAC Key Del Expiry Role VLAN ESSID
---------- --- --- ------ ---- ---- -----
f0:99:b6:30:b5:70 C6C0856D38BA... No - mPSK 104 mPSK
PPSK Cache Count:1
After leaving the wifi for a few seconds:
# show ap mpskcache
PPSK Cache Table
----------------
Client MAC Key Del Expiry Role VLAN ESSID
---------- --- --- ------ ---- ---- -----
f0:99:b6:30:b5:70 C6C0856D38BA... No - mPSK 102 mPSK
PPSK Cache Count:1