I found it... under WLANs > Edit > Security > AAA Servers "Radius Server Overwrite interface and check it enabled. Set the interface Priority to WLAN and then apply.
The radius request then comes from the ip of the wlan you specify on the general tab for Interface. Note - If you are using access-lists on the CPU, they will need to be updated. This is a lot easier then what I had initially envisioned! Thanks Jake for the nudge in the right direction! Sean On 2014-12-03 16:11, forums wrote: > Thanks Jake, > > I have an interface setup on vlan 20 for the access-points for a test. > the wlan with the duplicated SSID is using 121. I have applied it to > it's own AP group for that building. The packetfence is seeing the > source still as the mgmt of the controller. I have been through the > interface and wlan screens but must be missing the "make the request > using the mgmt ip address" check box. > > Thanks > Sean > > On 2014-12-03 12:12, Sallee, Jake wrote: >> Yo! Jake here. Sorry it has taken me a bit to get back with you, its >> a bit crazy for me right now. >> >> We have attempted to solve the same SSID + different VLan issue in two >> ways. The first way involved some custom code and a custom DB table. >> Basically the way it worked was when a user authenticated on one of >> our Cisco LWAPPs the APs MAC would be found in the table and the >> associated VLan prefix would be appended to the VLan return value. >> >> This worked well for a while but it proved to be a bit of a pain >> through upgrades since if the files I had customized (technically >> Inverse did most of the customizations, I just touched it up a bit due >> to changes through multiple upgrades) needed to be inspected and >> verified to work properly after a PF upgrade. >> >> The last upgrade I did, I botched pretty badly (I thought I was on the >> dev box ... turns out I was not ... oops) the net effect of which was >> I setup PF from scratch and imported the DB with all of my nodes, APs, >> etc from a backup ... but that also meant that I had to put back my >> customizations that made upgrades difficult. So I started looking for >> another way, and I found the way we are currently doing it now. >> >> A strange quirk of the WLC is that you cannot have SSIDs with the same >> name. It was at this point I was stumped since I am not allowed to >> change the name of our SSID. But then I found a very poorly >> documented feature of the WLC. >> >> You CAN have duplicate SSIDs so long as the WLAN ID is at least 18, >> after that you can duplicate SSID names as much as you like. >> >> "WHAT?!", I hear you say. >> >> "Yes, indeed!", I say. >> >> "But why 18? That seems arbitrary and foolish." You respond. >> >> "Yes, yes it does." I sigh. >> >> So, currently our setup is this. A single SSID per building that is >> attached to the interface group for that building. The WLC has an IP >> in the management VLan for the interface group so when it talks to PF >> it will use that IP. All thats left is to add the necessary IPs to PF >> as independent switches and viola! it works with no custom code >> required and it is upgrade safe, YAY! >> >> I can explain more fully if needed but this is the best way we have >> found yet. If anyone else out there has a better way I would be very >> interested in learning about it. >> >> Jake Sallee >> Godfather of Bandwidth >> System Engineer >> University of Mary Hardin-Baylor >> WWW.UMHB.EDU >> >> 900 College St. >> Belton, Texas >> 76513 >> >> Fone: 254-295-4658 >> Phax: 254-295-4221 >> >> ________________________________________ >> From: forums [[email protected]] >> Sent: Wednesday, December 03, 2014 11:12 AM >> To: [email protected] >> Subject: [PacketFence-users] Cisco WLC same SSID different vlans >> >> I see that Jake back in 2012 had a thread "New Cisco WLC module?" and >> it >> is the same issue I am running into. I need to offer the same SSID >> across the facility but need to use different vlans depending on which >> building the user is in. >> >> The WLC is running 7.6.130.0. Under authentication I can have the >> Auth >> Call Station ID type be the Ethernet mac of the AP, AP Name, AP Group, >> AP Location, etc. I can see the proper AP Ethernet mac address when I >> watch the pf.log. >> >> I was looking at using the AP Ethernet mac address, but AP location >> would be better as it would involve a smaller database. I am looking >> at >> custom.pm but am not seeing a variable for the switch_mac that I could >> use. >> >> Am I overlooking something? Has somebody else done this since 2012? >> >> Thanks >> Sean >> >> ------------------------------------------------------------------------------ >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >> from Actuate! Instantly Supercharge Your Business Reports and >> Dashboards >> with Interactivity, Sharing, Native Excel Exports, App Integration & >> more >> Get technology previously reserved for billion-dollar corporations, >> FREE >> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> ------------------------------------------------------------------------------ >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >> from Actuate! Instantly Supercharge Your Business Reports and >> Dashboards >> with Interactivity, Sharing, Native Excel Exports, App Integration & >> more >> Get technology previously reserved for billion-dollar corporations, >> FREE >> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ------------------------------------------------------------------------------ > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server > from Actuate! Instantly Supercharge Your Business Reports and > Dashboards > with Interactivity, Sharing, Native Excel Exports, App Integration & > more > Get technology previously reserved for billion-dollar corporations, > FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
