Hi s1nsp4wn,
WLC Interfaces
The Cisco controller has many interfaces, depending on how many VLANs you segment users on (i.e., Management and Dynamic interfaces). Those can be overridden depending on how you set up the WLANs and/or use AP groups. CPPM needs to know of those interfaces that users will be requesting authentication from. (The Management interface shouldn't be one unless you're using CPPM to authenticate management login users.)
- WLAN - interface assignment. (Default interface for WLAN users)
- AP Groups - Interfaces assigned here override the WLAN interface assignment
WLC - AAA
Under the Security tab - AAA - RADIUS, add your CPPM as a RADIUS Authenticator and Accounting. NOTE: if you're not using CPPM to authenticate Management Login to the WLC, uncheck the "management" option box. (NOTE: make sure you match the Shared Secret on both WLC and CPPM, or nothing will talk.)
WLC - WLAN setup
1. Under the WLAN setup, you have options for RADIUS Server Overwrite interface. If checked, you can pick which interface will be the authenticating interface. You can choose WLAN (the interface set as the WLAN default) or AP Group. (If you use AP Groups, those interfaces will be the authentication interfaces and need to be "devices" in CPPM.)
Then, choose your CPPM from the pull-down under Authentication Servers and Accounting Servers. I use "AP Groups", so that is my choice here for the interfaces I want sending authentications.
I like to remove Local and LDAP out of the "Order Used for Auth" section as well.
2. Under the WLAN Advanced Tab - Check Allow AAA Override.
CPPM
You need to add all interfaces listed on the WLC side that user authentication requests will be generated from. This will be under Configuration - Network - Devices.
If the controller is sending requests from interfaces unknown to CPPM, check your CPPM Event Viewer and you'll see errors from that interface as an unknown device.
I hope that helps.
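
As an added example that is not part of the original post: a small Python audit that works out which WLC interfaces will source RADIUS requests when "RADIUS Server Overwrite interface" is checked, and lists the ones with no matching entry under CPPM's Configuration - Network - Devices. All interface names, addresses and the data layout are constructed for illustration, and the fallback to the WLAN interface when no AP group maps a WLAN is an assumption.

```python
import ipaddress

# Constructed sample data (not from the post): WLC interface name -> IP.
WLC_INTERFACES = {
    "staff-vlan10": "10.10.10.5",
    "guest-vlan20": "10.10.20.5",
    "lab-vlan30": "10.10.30.5",
}
# WLAN -> default interface and the Overwrite interface choice ("wlan" or "apgroup").
WLANS = {
    "corp": {"interface": "staff-vlan10", "overwrite": "apgroup"},
    "guest": {"interface": "guest-vlan20", "overwrite": "wlan"},
}
# AP group -> {WLAN: interface}; this overrides the WLAN's own interface.
AP_GROUPS = {
    "building-a": {"corp": "staff-vlan10"},
    "building-b": {"corp": "lab-vlan30"},
}
# Entries defined as network devices in CPPM (single IPs or subnets).
CPPM_DEVICES = ["10.10.10.5", "10.10.20.0/24"]


def radius_sources(wlans, ap_groups, interfaces):
    """Return {source_ip: {wlan names}} for interfaces that will send RADIUS."""
    sources = {}
    for name, wlan in wlans.items():
        names = {wlan["interface"]}
        if wlan["overwrite"] == "apgroup":
            mapped = {m[name] for m in ap_groups.values() if name in m}
            # Assumption: with no AP group mapping, the WLAN interface is used.
            names = mapped or names
        for iface in names:
            sources.setdefault(interfaces[iface], set()).add(name)
    return sources


def missing_from_cppm(sources, cppm_devices):
    """Return source IPs that no CPPM device entry (IP or subnet) covers."""
    nets = [ipaddress.ip_network(d, strict=False) for d in cppm_devices]
    return sorted(ip for ip in sources
                  if not any(ipaddress.ip_address(ip) in n for n in nets))


if __name__ == "__main__":
    sources = radius_sources(WLANS, AP_GROUPS, WLC_INTERFACES)
    for ip in missing_from_cppm(sources, CPPM_DEVICES):
        print(f"{ip} sends RADIUS for {sorted(sources[ip])} but is not a CPPM device")
```
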