[c-nsp] mbssid + radius vlan assignment problems
Phil Mayers
p.mayers at imperial.ac.uk
Tue Sep 12 18:48:52 EDT 2006
Brady Alleman wrote:
> Hello All,
>
> I've been trying to get multiple BSSIDs and radius vlan assignment to
> play together on a 1231 AP running 12.3(4)JA4. When the radius server
> assigns a vlan other than the vlan configured for the SSID, the AP will
> continually dissociate the client due to maximum retries exceeded.
>
> Capturing traffic shows the AP sending request-to-send frames with a
> transmitter address of all zeros, to which the client dutifully
> responds. I'm assuming the AP is expecting to receive the responses on
> its own address, and times out the association when it does not get
> them.
>
> Radius vlan assignment works fine when mbssid is not used, so it does
> not seem to be a radius or vlan-related issue. mbssids also work fine
> when vlan assignment is not attempted. I'm using MAC-based auth with
> freeradius as the radius server.
>
> Any suggestions?
>
> Feel free to point me to another list - wireless does seem to be a rare
> topic here :)
I guess properly the cisco-nas list?
Anyhow, I believe VLAN assignment is not supported with multiple
broadcast SSIDs. It's a limitation of the hardware in earlier APs
certainly, otherwise we would have deployed it. As you say, it works
fine with a single SSID.
There's a single quarantine vlan on newer code with the newer APs to
support NAC. I don't have a link handy.
More information about the cisco-nsp
mailing list