cancel
Showing results for 
Search instead for 
Did you mean: 

How can I dow a Radius overwrite to WING7.6.3

How can I dow a Radius overwrite to WING7.6.3

JohanHendrikx
Contributor II

I have a two WING controllers (VM appliances) configured as a cluster. 

The controllers are configured as radius client in EAC

The WLAN I connect to, must do a MAC address athentication. So far its works. But the client isn't placed in the right vlan.

How can I achieve a radius overwrite of the vlan.

 
Johan Hendrik System Architect Audax
1 ACCEPTED SOLUTION

Tomasz
Valued Contributor II

Hi Johan,

 

It seems there’s no VLAN ID set in the Policy Mapping that is chosen for a given NAC Profile.

Please see here, “VLAN [ID] Name” value has to be set:

c32a0c3ea38d46098c6c28bd9c269dcc_f445886c-68e7-4730-8201-dc9c7fb540bf.png

 

Hope that helps,

Tomasz

View solution in original post

6 REPLIES 6

JohanHendrikx
Contributor II

Tomasz,

 

Check. this was the solution. 

Johan Hendrik System Architect Audax

Tomasz
Valued Contributor II

Hi Johan,

 

It seems there’s no VLAN ID set in the Policy Mapping that is chosen for a given NAC Profile.

Please see here, “VLAN [ID] Name” value has to be set:

c32a0c3ea38d46098c6c28bd9c269dcc_f445886c-68e7-4730-8201-dc9c7fb540bf.png

 

Hope that helps,

Tomasz

JohanHendrikx
Contributor II

Thomasz,

Device is set to Radius attributes to send on RFC 3580 - VLAN ID

I see only 2 attributes..

Tunnel-Private-Group-Id isn't set.

 

 

882b9d4cf6714f72942aa360ee9ba113_8b9222aa-1368-46c3-89a8-1fc847a8646e.png

 

Johan Hendrik System Architect Audax

Tomasz
Valued Contributor II

Hi Johan,

 

For dynamic VLAN assignment you want the EAC to send the attributes like this (you can verify by highlighting your end-system row under Authorization column):

8e37223997ca48988022f8f541d87d25_92f9f8c8-7357-4e61-b1fb-58742faf62b7.png

I mean, the ‘Tunnel-’ trio.

This can be chosen under Switches tab within EAC configuration (RADIUS Attributes To Send):

8e37223997ca48988022f8f541d87d25_4032527b-34e3-4517-9e55-a5103a496167.png

If this is set (and device is granted relevant EAC Profile and ‘Accept Policy’ - which is a policy mapping in fact) you should see appropriate Tunnel attributes being sent as your End-System table indicates.

Then, if your devices are still not getting their VLAN, it might be something along the way or WiNG config itself. But I’d review that part first.

 

Hope that helps,

Tomasz

GTM-P2G8KFN