This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NAC X CONTROLER VE6120 Medium 10.4 X ap305c

NAC X CONTROLER VE6120 Medium 10.4 X ap305c

Go to solution
JetFlys
New Contributor

‎05-13-2024 02:40 AM

Hello all,

I have a NAC system that work around my LAN.

Then I have a WIFI system (VE6120 Medium 10.04) on the same LAN

I've deploy some AP's to distant branch, on one site is all ok, while the other is not despite they have the same configuration.

For the second site everything is configured, the controler see the site and the AP's, the client can connect to the WLAN but they don't get any IP while the DHCP is directly connect on the same switch as the AP's.

The NAC evalution tool show me that clients get the wright role (Site 2 Role). But on the controler it show that client get the default enterprise user instead of Site 2 Role.

I don't know if clients can't get an IP because of the default role or the default role is the reason why they don't get any IP.

 

Thank you for your reflections 🙂

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
AntonScholz
New Contributor II

‎05-13-2024 05:45 AM

Hello JetFlys,
please make sure, that the Rule "Site 2 Rule" is assigned to the Device Profile of your second Site. Otherwise, the Controller will assign the Default Role to the Client.
If the Role is missing, the Controller will also write an entry into the Controller Event-Log. Like this:
"RADIUS Server role [RoleXYZ] is not part of Device Group/Site XYZ"

Please also check your NAC Attributes, which are sent to the Controller after successfully authentication.

Best Regards

Anton

 

 

View solution in original post

2 REPLIES 2

Go to solution
AntonScholz
New Contributor II

‎05-13-2024 05:45 AM

Hello JetFlys,
please make sure, that the Rule "Site 2 Rule" is assigned to the Device Profile of your second Site. Otherwise, the Controller will assign the Default Role to the Client.
If the Role is missing, the Controller will also write an entry into the Controller Event-Log. Like this:
"RADIUS Server role [RoleXYZ] is not part of Device Group/Site XYZ"

Please also check your NAC Attributes, which are sent to the Controller after successfully authentication.

Best Regards

Anton

 

 

Go to solution
Bartek
New Contributor III
In response to AntonScholz

‎05-14-2024 01:20 AM

In addition to Anton response, you can also add both controllers to this same Policy domain to keep both controllers in sync with Roles defined in your network. What is more, you can also import existing roles from controllers to a Policy domain

Regards

Bartek

0 Kudos
GTM-P2G8KFN