I have a configuration from topic.
Two VLAN 102 and 110.
dot11 ssid test1
vlan 110
authentication open eap wifi_login
authentication network-eap wifi_login
authentication key-management wpa version 2
accounting WiFi_New
dot1x eap profile Main
dot11 ssid test2
vlan 102
authentication open eap wifi_login
authentication network-eap wifi_login
authentication key-management wpa version 2
accounting WiFi_New
dot1x eap profile Main
Both configured for Freeradius server for authorization and accounting.
All works fine when I connect to VLAN 110(ssid test1) Directly.
Address obtained through DHCP and ip helper-address
When I add Freeradius reply attributes:
update reply {
Tunnel-Type := 13
Tunnel-Medium-Type := 6
Tunnel-Private-Group-Id := 110
}
All works fine, I see these attributes on access point during debug. Cisco honors them and apply. But do no changes because VLAN isn't changed.
When I add Freeradius reply attributes:
update reply {
Tunnel-Type := 13
Tunnel-Medium-Type := 6
Tunnel-Private-Group-Id := 102
}
I see these attributes on access point during debug. Cisco honors them and apply. I see that bridge id changed in show dot11 assos mac. But I can't obtain address through DHCP. I see DHCP discover, than I see DHCP offer(on core switch show arp shows me new IP with MAC of the client). But I suppose cisco AP(3602 btw) doesn't send offer to client by some reason. Can't find any reason though. There is no DHCP request or ACK. All stopped with offer.
May be there is some tricks which I forgot?
My suppose that cisco sends discover to VLAN 102, but maybe bug or something and she sends offer to VLAN 110? But we all no that cisco doesn't have bugs ) So I suppose that I miss something.
