Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

user role vlan issue

  • 1.  user role vlan issue

    Posted Jul 22, 2013 01:23 PM

    I am trying to set up assigning VLAN based on user role.  I have user roles CMISO (VLAN 900) and CMAUTH (VLAN 220) configured.  I have created a test VAP/ESSID where the initial role is CMISO, but the client pulls an IP from the VLAN of the mgmt interface of the controller (VLAN 10).  The only way to get the client to pull an address not from VLAN 10 is to set the VLAN under the VAP.  However, it still ignores the VLAN setting in the user profile.

     

    I am running 6.2.1.1



  • 2.  RE: user role vlan issue

    Posted Jul 22, 2013 01:29 PM

     

    You can set the VLAN under the user-role.

     

    Is that VLAN up, and does it already exist on the controller?

     

    Do the following:

     

    show vlan

    show profile-errors 

     

    And also make sure that the VLAN is on your trunks back to the uplink switch, if that is how you have it set up.

     



  • 3.  RE: user role vlan issue

    Posted Jul 22, 2013 01:33 PM

    I did a show profile-errors and there are none.



  • 4.  RE: user role vlan issue

    Posted Jul 22, 2013 01:40 PM

     

     

    Can you please share your user-role config?



  • 5.  RE: user role vlan issue

    Posted Jul 22, 2013 01:42 PM

    user-role CMAuth
    vlan 220
    access-list session allowall
    access-list session v6-allowall

     

    user-role CMISO
    vlan 900
    access-list session allowall
    access-list session v6-allowall



  • 6.  RE: user role vlan issue

    Posted Jul 22, 2013 01:51 PM
    Make sure your AAA profile config for your VAP is configured to match the user role appropriately.

    Are you trying to do MAC auth? Do you have a MAC auth AAA profile?

    What type of authentication are you using under your SSID profile?


  • 7.  RE: user role vlan issue

    Posted Jul 22, 2013 01:58 PM

    Yes, we are trying MAC auth.  The AAA config in the VAP points to the appropriate user roles.

     

    No auth under the SSID profile.



  • 8.  RE: user role vlan issue

    Posted Jul 22, 2013 02:14 PM
    It looks like you are on the right track.

    I have attached a couple of screenshots; see if any of those can help you out.


  • 9.  RE: user role vlan issue

    Posted Jul 22, 2013 02:24 PM

    Rebuilt my mac-auth profile and it seems to be working again.  Not sure what happened.  Thanks for the help!!



  • 10.  RE: user role vlan issue

    Posted Jul 22, 2013 01:33 PM

    Trunks exist and are up.  If I set the VAP VLAN to 900 or 220, I am able to pull an IP address in the appropriate VLAN.  It is when the VAP VLAN is "not configured" that I pull from the mgmt VLAN.