The SSID (WLAN, in terms of WLC) of the client does not matter because the user is always assigned to this predetermined VLAN ID. These RADIUS attributes decide the VLAN ID that should be assigned to the wireless client. Once the authentication is successful, the RADIUS server passes certain Internet Engineering Task Force (IETF) attributes to the user. Therefore, when a client attempts to associate to a LAP registered with a controller, the LAP passes the credentials of the user to the RADIUS server for validation. This can be used, for example, to allow the wireless host to remain on the same VLAN as it moves within a campus network. This task of assigning users to a specific VLAN is handled by a RADIUS authentication server, such as CiscoSecure ACS. This allows the network to advertise a single SSID, but allows specific users to inherit different QoS or security policies based on the user credential.ĭynamic VLAN assignment is one such feature that places a wireless user into a specific VLAN based on the credentials supplied by the user. However, the Cisco WLAN solution supports identity networking. Although powerful, this method has limitations because it requires clients to associate with different SSIDs in order to inherit different QoS and security policies. In most WLAN systems, each WLAN has a static policy that applies to all clients associated with a Service Set Identifier (SSID), or WLAN in the controller terminology. Dynamic VLAN Assignment with RADIUS Server Refer to Cisco Technical Tips Conventions for more information on document conventions. If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on these software and hardware versions:Ĭisco 4400 WLC that runs firmware release 5.2Ĭisco 802.11a/b/g Wireless Client Adapter that runs firmware release 4.4Ĭisco Aironet Desktop Utility (ADU) that runs version 4.4ĬiscoSecure Access Control Server (ACS) that runs version 4.1 Have basic knowledge of Lightweight AP Protocol (LWAPP) Have thorough knowledge of wireless networks and wireless security issues Have functional knowledge of the AAA server Have basic knowledge of the WLC and Lightweight Access Points (LAPs) Prerequisites RequirementsĮnsure that you meet these requirements before you attempt this configuration: The document describes how to configure the wireless LAN controller (WLC) and a RADIUS server to assign wireless LAN (WLAN) clients into a specific VLAN dynamically. This document introduces the concept of dynamic VLAN assignment.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |