Extreme Campus Controller

  • 1.  XCC - VLAN mapping - no IP address

    Posted 16 days ago
    Edited by tfsnetman 16 days ago
    Hello,

    Devices are not getting an IP address when mapped to a certain VLAN after successful authentication.
    VLAN mapping on the XCC is configured as below


    Switchport where the AP is connected has the VLAN tagged.

    Extreme Control is returning:


    XCC version: 05.36.02

    Any ideas what it could be?

    Thank you,
    Klaus


  • 2.  RE: XCC - VLAN mapping - no IP address

    Posted 10 days ago
    Opened a TAC case and was given this:
    Detailed steps are provided in the following article, which is about creating the Tunnel-Private-Group-ID for XCC:
    https://extremeportal.force.com/ExtrArticleDetail?an=000059011



  • 3.  RE: XCC - VLAN mapping - no IP address

    Posted 9 days ago
    Check the levels of code you are running. We are running the below levels and the integration is working fine. We were initially running an earlier version of XMC/Control and had problems as you are noticing.

    XMC/ Control: v8.5.6.17
    XCC: 05.36.03.0017

    Essentially, policy takes care of the VLAN / ISID without any special tweaking. I am having issues getting captive portal to work (in our case it is hosted on Control), but the basic VLAN assignment and FA work fine.

    Switch Definition for XCC in Control:








  • 4.  RE: XCC - VLAN mapping - no IP address

    Posted 3 days ago
    Glenn,
    Are you using different VLANs for Guest User registration and Guest Access after the successful auth? If yes, we have recently discovered an issue that prevents the client from getting an IP from a new VLAN even if the correct role has been assigned after Guest User registration. It has to do with DHCP packet ACKs when the user is in an unauthenticated state. It is being looked at and a fix should be introduced in one of the coming releases.
    However, you should not have any issues if the pre- and post-registration VLANs are the same.

    Regards,
    Ovais


  • 5.  RE: XCC - VLAN mapping - no IP address

    Posted 3 days ago
    Hi Ovais,

    For our captive portal the VLAN is the same. We do have a lot of WPA2 Enterprise networks which switch VLANs. Is the bug just related to captive portal?

    Rgds,

    Glenn


  • 6.  RE: XCC - VLAN mapping - no IP address

    Posted 3 days ago
    Yes, that issue is only related to the Captive Portal. If you are not flipping the VLANs then you shouldn't have any issues. 
    Since I have limited knowledge of your setup, my response below is based on assumptions:

    How are you integrating the XCC with the Access Control engine? Is it via XCC's onboard NAC? What I mean is, if you have created an AAA policy under the "Onboard" main configuration tab, then it would engage the XCC's onboard NAC. If this is the case, it requires more configuration on XCC related to the onboard rule engine and RADIUS settings. It's not a recommended way of integrating XCC and ExtremeControl anymore. Instead, you should create the AAA policy in the Configuration > AAA tab, which will allow the auth request to go straight to the Access Control engine, and you won't need any other config on the XCC.

    Another thing to check would be the VLANs and Roles on XCC. It looks like you are using Fabric Attach; make sure you create VLANs in the XCC with mode set to FA. In addition, make sure the VLANs and correct roles are mapped to the AP profile by checking Configuration > Site > Device Group > AP Profile > Roles and then VLANs.

    Regards,
    Ovais