James, The client should be moved to the vlan specified in "Airespace / Interface-Name" attribute, not "Tunnel-Group-ID". Do you have a dynamic interface called "np8ss0" in your WLC?
Dennis Xu Network Analyst(CCS) University of Guelph 5198244120 x 56217 -----Original Message----- From: James J J Hooper [mailto:[EMAIL PROTECTED] Sent: October-22-07 12:43 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Cisco WISM + Radius to select VLAN Hi All, We have the Cisco WISM solution up and running. I have set up a new WLAN SSID with web based auth. I now want to put the users in different VLANs depending on who they are using the RADIUS reply. I have ticked the 'Allow AAA Override' box and i'm sending back the following RADIUS attributes: Sending Access-Accept of id 50 to 172.17.107.242 port 32769 Airespace-Interface-Name = "np8ss0" Service-Type = Login-User Tunnel-Medium-Type = IEEE-802 Tunnel-Type = VLAN Tunnel-Private-Group-Id = "449" Airespace-Wlan-Id = 3 These are correctly received by the WISM: Packet contains 6 AVPs: AVP[01] Airespace / Interface-Name.....np8ss0 (6 bytes) AVP[02] Service-Type...............0x00000001 (1) (4 bytes) AVP[03] Tunnel-Medium-Type.........0x00000006 (6) (4 bytes) AVP[04] Tunnel-Type................0x0000000d (13) (4 bytes) AVP[05] Tunnel-Group-Id............449 (3 bytes) AVP[06] Airespace / WLAN-Identifier....0x00000003 (3) (4 bytes) but the client still remains in the default VLAN (i.e. is not moved to 449). Does anybody know: Am i sending the correct attributes back? What the magic incantation to make it work is? We are running 4.1.185.0 on the WISMs and FreeRADIUS 1.1.7 for AAA. Many Thanks, James -- James J J Hooper Network Specialist Information Services University of Bristol http://www.wireless.bris.ac.uk -- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
