Yo! Jake here. Sorry it has taken me a bit to get back with you, its a bit crazy for me right now.
We have attempted to solve the same SSID + different VLan issue in two ways. The first way involved some custom code and a custom DB table. Basically the way it worked was when a user authenticated on one of our Cisco LWAPPs the APs MAC would be found in the table and the associated VLan prefix would be appended to the VLan return value. This worked well for a while but it proved to be a bit of a pain through upgrades since if the files I had customized (technically Inverse did most of the customizations, I just touched it up a bit due to changes through multiple upgrades) needed to be inspected and verified to work properly after a PF upgrade. The last upgrade I did, I botched pretty badly (I thought I was on the dev box ... turns out I was not ... oops) the net effect of which was I setup PF from scratch and imported the DB with all of my nodes, APs, etc from a backup ... but that also meant that I had to put back my customizations that made upgrades difficult. So I started looking for another way, and I found the way we are currently doing it now. A strange quirk of the WLC is that you cannot have SSIDs with the same name. It was at this point I was stumped since I am not allowed to change the name of our SSID. But then I found a very poorly documented feature of the WLC. You CAN have duplicate SSIDs so long as the WLAN ID is at least 18, after that you can duplicate SSID names as much as you like. "WHAT?!", I hear you say. "Yes, indeed!", I say. "But why 18? That seems arbitrary and foolish." You respond. "Yes, yes it does." I sigh. So, currently our setup is this. A single SSID per building that is attached to the interface group for that building. The WLC has an IP in the management VLan for the interface group so when it talks to PF it will use that IP. All thats left is to add the necessary IPs to PF as independent switches and viola! it works with no custom code required and it is upgrade safe, YAY! I can explain more fully if needed but this is the best way we have found yet. If anyone else out there has a better way I would be very interested in learning about it. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor WWW.UMHB.EDU 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 ________________________________________ From: forums [[email protected]] Sent: Wednesday, December 03, 2014 11:12 AM To: [email protected] Subject: [PacketFence-users] Cisco WLC same SSID different vlans I see that Jake back in 2012 had a thread "New Cisco WLC module?" and it is the same issue I am running into. I need to offer the same SSID across the facility but need to use different vlans depending on which building the user is in. The WLC is running 7.6.130.0. Under authentication I can have the Auth Call Station ID type be the Ethernet mac of the AP, AP Name, AP Group, AP Location, etc. I can see the proper AP Ethernet mac address when I watch the pf.log. I was looking at using the AP Ethernet mac address, but AP location would be better as it would involve a smaller database. I am looking at custom.pm but am not seeing a variable for the switch_mac that I could use. Am I overlooking something? Has somebody else done this since 2012? Thanks Sean ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
