What does the authorization profile look like on the ACS server for the VLAN override?
Also, when the client has connected to mypsk2, what does the detailed "show dot11 associations [mac address]" look like?

On Thu, Jul 4, 2013 at 4:02 PM, Prasanna Yabaluri <[email protected]> wrote:

>
> Task: Assign different Static VLAN IDs through ACS based on user. If
> Client-1 connects assign VLAN 224 and if client-2 connects assign VLAN 698.
>
> First two SSIDs were configured for each VLAN. mypsk(WPA2/PSK) for
> VLAN224 and mypsk2(WPA2 Enterprise) for VLAN698. They work fine when
> client-1 is connected to mypsk2.
>
> When ACS is modified with Static VLAN config there is an issue when
> client-1 connects as he does not get IP address for VLAN224. ACS shows
> succeeded and relevant Authorization profile is touched and VLAN attribute
> is shown.
>
> debug radius command on ACS shows AAA unsupported Attr. ssid and AAA
> unsupported Attr: interface.
>
> *************Bridge config**********
> aaa new-model
> !
> !
> aaa authentication login eap_methods group radius
> radius-server host 172.24.223.105 auth-port 1812 acct-port 1812 key 7 070C285F4D 06485744
>
> aaa authorization network default group radius
>
> dot11 mbssid
>
> dot11 ssid mypsk
>  vlan 224
>  authentication open
>  authentication key-management wpa
>  mbssid guest-mode
>  wpa-psk ascii 7 121A0C0411045D5679
> !
> dot11 ssid mypsk2
>  vlan 698
>  authentication open eap eap_methods
>  authentication key-management wpa
>  mbssid guest-mode
>
> interface Dot11Radio0
> !
>  encryption mode ciphers aes-ccm
> !
>  encryption vlan 224 mode ciphers aes-ccm
> !
>  encryption vlan 698 mode ciphers aes-ccm
> !
>  ssid mypsk
> !
>  ssid mypsk2
> !
>  station-role root
> !
> interface Dot11Radio0.224
>  encapsulation dot1Q 224 native
>  bridge-group 1
> !
> interface Dot11Radio0.698
>  encapsulation dot1Q 698
>  bridge-group 2
> !
> interface FastEthernet0
> interface FastEthernet0.224
>  encapsulation dot1Q 224 native
>  bridge-group 1
> !
> interface FastEthernet0.698
>  encapsulation dot1Q 698
>  bridge-group 2
>
> *********************************END Bridge Config*********************
> *****************************************bridge debug error***************
> *Mar 1 05:56:30.977: RADIUS/ENCODE(00000500):Orig. component type = DOT11
> *Mar 1 05:56:30.977: RADIUS: AAA Unsupported Attr: ssid [265] 6
> *Mar 1 05:56:30.978: RADIUS: 6D 79 70 73 [myps]
> *Mar 1 05:56:30.978: RADIUS: AAA Unsupported Attr: interface [157] 4
> *Mar 1 05:56:30.978: RADIUS: 31 35 [15]
> *Mar 1 05:56:30.978: RADIUS(00000500): Config NAS IP: 0.0.0.0
> *Mar 1 05:56:30.978: RADIUS/ENCODE(00000500): acct_session_id: 1280
> *Mar 1 05:56:30.978: RADIUS(00000500): sending
> *Mar 1 05:56:30.979: RADIUS/ENCODE: Best Local IP-Address 172.24.223.99 for Radius-Server 172.24.223.105
> *Mar 1 05:56:30.979: RADIUS(00000500): Send Access-Request to 172.24.223.105:1812 id 1645/77, len 131
> *Mar 1 05:56:30.979: RADIUS: authenticator 34 73 0A E2 77 D8 67 A7 - 5C 63 0B D2 C5 C8 20 D6
> *Mar 1 05:56:30.979: RADIUS: User-Name [1] 10 "client-1"
> *Mar 1 05:56:30.979: RADIUS: Framed-MTU [12] 6 1400
> *Mar 1 05:56:30.980: RADIUS: Called-Station-Id [30] 16 "001d.a2ca.09c1"
> *Mar 1 05:56:30.980: RADIUS: Calling-Station-Id [31] 16 "6c88.1424.6404"
> *Mar 1 05:56:30.980: RADIUS: Service-Type [6] 6 Login [1]
> *Mar 1 05:56:30.980: RADIUS: Message-Authenticato[80] 18
> *Mar 1 05:56:30.980: RADIUS: 5F 89 BB A6 02 72 B2 39 BC CB 43 11 C1 FC 15 A1 [_????r?9??C?????]
> *Mar 1 05:56:30.980: RADIUS: EAP-Message [79] 15
> *Mar 1 05:56:30.981: RADIUS: 02 01 00 0D 01 63 6C 69 65 6E 74 2D 31 [?????client-1]
> *Mar 1 05:56:30.981: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19]
> *Mar 1 05:56:30.981: RADIUS: NAS-Port [5] 6 1531
> *Mar 1 05:56:30.981: RADIUS: NAS-Port-Id [87] 6 "1531"
> *Mar 1 05:56:30.981: RADIUS: NAS-IP-Address [4] 6 172.24.223.99
> *Mar 1 05:56:31.048: RADIUS: Received from id 1645/77 172.24.223.105:1812, Access-Challenge, len 85
> *Mar 1 05:56:31.049: RADIUS: authenticator 3E F1 2E 58 88 E4 78 6A - F4 0C FC 6E C9 AB C0 25
> *Mar 1 05:56:31.049: RADIUS: State [24] 39
> *Mar 1 05:56:31.049: RADIUS: 33 34 53 65 73 73 69 6F 6E 49 44 3D 74 72 69 61 [34SessionID=tria]
> *Mar 1 05:56:31.049: RADIUS: 6C 61 63 73 2D 31 2F 31 36 32 33 32 34 32 38 31 [lacs-1/162324281]
> *Mar 1 05:56:31.049: RADIUS: 2F 38 34 31 3B [/841;]
> *Mar 1 05:56:31.050: RADIUS: EAP-Message [79] 8
> *Mar 1 05:56:31.050: RADIUS: 01 95 00 06 0D 20
>
> pe = DOT11
> *Mar 1 05:56:31.058: RADIUS: AAA Unsupported Attr: ssid [265] 6
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>
