Not sure if this answers you concerns or not but "AAA override is not supported with H-REAP". This is a direct quote from the WLC config guide version 7.0.116.0 which is the level used in the lab exam. I also confirmed this is true when I was preparing for my exam a few years ago.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, March 17, 2014 10:22 AM To: [email protected] Subject: CCIE_Wireless Digest, Vol 59, Issue 15 Send CCIE_Wireless mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of CCIE_Wireless digest..." Today's Topics: 1. HREAP - AAA Override (Jay Killion (jakillio)) ---------------------------------------------------------------------- Message: 1 Date: Mon, 17 Mar 2014 14:18:46 +0000 From: "Jay Killion (jakillio)" <[email protected]> To: "[email protected]" <[email protected]> Subject: [OSL | CCIE_Wireless] HREAP - AAA Override Message-ID: <cf4c6e73.165b3%[email protected]> Content-Type: text/plain; charset="windows-1252" I'm having some strange issues with HREAP and AAA Override's, hoping someone can shed some light? I've created a Network Access Policy to match on HREAP called-station-ID and provide different VLANs based on EAP method, see below - [cid:1B9A67FF-41D1-442A-A803-7310A267BF5E] When using Anyconnect to connect to the SSID using EAP-Fast, auth succeeds and the client sees things as all good. [cid:3D070F00-58A6-4C8D-8B81-6504AD2919E9] When using PEAP, ACS says auth succeeds and it shows the expected authorization profile. [cid:4821EA8A-7810-4D11-A836-F3358EC0192F] However, Anyconnect says "authentication failed" even with ACS saying it succeeds ? but only when using PEAP (FAST works fine). Any thoughts? I've stopped / started ACS, but no luck. Thanks - Jay Killion, CCIE #17873 R/S -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_wireless/attachments/20140317/1310e009/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: 1B9A67FF-41D1-442A-A803-7310A267BF5E.png Type: image/png Size: 99173 bytes Desc: 1B9A67FF-41D1-442A-A803-7310A267BF5E.png URL: </archives/ccie_wireless/attachments/20140317/1310e009/attachment.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: 3D070F00-58A6-4C8D-8B81-6504AD2919E9.png Type: image/png Size: 129584 bytes Desc: 3D070F00-58A6-4C8D-8B81-6504AD2919E9.png URL: </archives/ccie_wireless/attachments/20140317/1310e009/attachment-0001.png> -------------- next part -------------- A non-text attachment was scrubbed... Name: 4821EA8A-7810-4D11-A836-F3358EC0192F.png Type: image/png Size: 127000 bytes Desc: 4821EA8A-7810-4D11-A836-F3358EC0192F.png URL: </archives/ccie_wireless/attachments/20140317/1310e009/attachment-0002.png> ------------------------------ _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc End of CCIE_Wireless Digest, Vol 59, Issue 15 ********************************************* _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
