1. Home
  2. Cisco Systems
  3. Dynamic VLAN affectation + AP1100 + freeradius

Dynamic VLAN affectation + AP1100 + freeradius

Hello,

I'm trying to affect VLANs dynamically on the Cisco AP1100. The authentication works but the client always stays in the default vlan (vlan 4 for ssid guest2). 802.1x authentication with fixed vlan works (vlan 318 for ssid v318). Could someone help me please ?

Many thanks by advance!

Caroline.

Radius config :

--------------- test318 User-Password == "xxxxxxx" Tunnel-Medium-Type:1 = 6, Tunnel-Type:1 = 13, Tunnel-Private-Group-ID:1 = 318, Fall-Through = No

AP1100 config :

--------------- ap#sho runn Building configuration...

Current configuration : 5326 bytes ! version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ap ! enable secret 5 xxxxxxx ! ip subnet-zero ip name-server 192.168.16.35 ! ! aaa new-model ! ! aaa authentication login default line aaa authentication login eap_methods group radius enable aaa authentication login mac_methods local aaa accounting network eap_methods start-stop group radius aaa session-id common ! dot11 ssid guest2 vlan 4 authentication open optional eap eap_methods accounting eap_methods guest-mode ! dot11 ssid inter-ap authentication open mac-address mac_methods ! dot11 ssid v016 vlan 16 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa optional ! dot11 ssid v216 vlan 216 authentication open authentication key-management wpa optional infrastructure-ssid optional ! dot11 ssid v218 vlan 218 authentication open eap eap_methods authentication network-eap eap_methods authentication key-management wpa optional ! dot11 ssid v318 vlan 318 authentication open eap eap_methods accounting eap_methods ! ! ! ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 218 mode ciphers tkip wep128 ! encryption vlan 216 mode ciphers tkip wep128 ! encryption vlan 16 mode ciphers tkip wep128 ! ssid guest2 ! ssid inter-ap ! ssid v016 ! ssid v216 ! ssid v218 ! ssid v318 ! short-slot-time speed basic-11.0 54.0 rts threshold 2312 power local cck 1 power local ofdm 1 channel 2457 station-role root no dot11 extension aironet dot1x reauth-period server ! interface Dot11Radio0.4 encapsulation dot1Q 4 no ip route-cache no cdp enable bridge-group 4 bridge-group 4 subscriber-loop-control bridge-group 4 block-unknown-source no bridge-group 4 source-learning no bridge-group 4 unicast-flooding bridge-group 4 spanning-disabled ! interface Dot11Radio0.16 encapsulation dot1Q 16 no ip route-cache bridge-group 16 bridge-group 16 subscriber-loop-control bridge-group 16 block-unknown-source no bridge-group 16 source-learning no bridge-group 16 unicast-flooding bridge-group 16 spanning-disabled ! interface Dot11Radio0.216 encapsulation dot1Q 216 native no ip route-cache no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio0.218 encapsulation dot1Q 218 no ip route-cache bridge-group 218 bridge-group 218 subscriber-loop-control bridge-group 218 block-unknown-source no bridge-group 218 source-learning no bridge-group 218 unicast-flooding bridge-group 218 spanning-disabled ! interface Dot11Radio0.318 encapsulation dot1Q 318 no ip route-cache bridge-group 3 bridge-group 3 subscriber-loop-control bridge-group 3 block-unknown-source no bridge-group 3 source-learning no bridge-group 3 unicast-flooding bridge-group 3 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto ! interface FastEthernet0.4 encapsulation dot1Q 4 no ip route-cache bridge-group 4 no bridge-group 4 source-learning bridge-group 4 spanning-disabled ! interface FastEthernet0.16 encapsulation dot1Q 16 no ip route-cache bridge-group 16 no bridge-group 16 source-learning bridge-group 16 spanning-disabled ! interface FastEthernet0.216 encapsulation dot1Q 216 native no ip route-cache bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface FastEthernet0.218 encapsulation dot1Q 218 no ip route-cache bridge-group 218 no bridge-group 218 source-learning bridge-group 218 spanning-disabled ! interface FastEthernet0.318 encapsulation dot1Q 318 no ip route-cache bridge-group 3 no bridge-group 3 source-learning bridge-group 3 spanning-disabled ! interface BVI1 ip address 192.168.16.61 255.255.255.224 no ip route-cache ! ip default-gateway 192.168.16.62 no ip http server no ip http secure-server ip http help-path

formatting link
radius source-interface BVI1 ! logging snmp-trap emergencies logging snmp-trap alerts logging snmp-trap critical logging snmp-trap errors logging snmp-trap warnings radius-server host 192.168.16.35 auth-port 1812 acct-port 1813 key 7 xxxxx ! control-plane ! bridge 1 route ip ! ! ! line con 0 transport preferred all transport output all line vty 0 4 password 7 xxxxx transport preferred all transport input all transport output all line vty 5 15 transport preferred all transport input all transport output all ! end

Reply to
caroline brunel
Loading thread data ...

Hi,

I didn't receive any response... Does someone know if what I'm trying to configure is possible ?

Many thanks!

Caroline.

caroline brunel a écrit :

Reply to
caroline brunel

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.