WIRELESS CLIENT GRANTED ACCESS TO (IAS) RADIUS SERVER

Wireless Client Granted Access to (IAS) Radius Server, BUT is unable to get an address from DHCP server

Experienced this with one of my customers and Earl asked me to tell the customer to do the following in his Radius Remote Access Policies

Note: THIS ONLY APPLIES TO IAS ONLY

1.- If customer is using IAS (Internet Authentication Service) Radius Server with Windows 2003

Most likely the customer has a created policy, but if you like you can right click and create a New Remote Access Policy. Make note that there is an existing WX1200-Policy ( that will be used as our example)

2.- Right click existing policy and select Properties

3.- Customer may have existing policy conditions make sure that customer has specified conditions to match:

Client-IP-Address must match the Wireless Lan Controller (WX1200 or Wx4400)

Note: Make sure that this condition is on the top of the policy conditions list

4.- We are now going to edit the profile associated to the policy condition, click Edit Profile

5.- We are now going to add a new attribute Vendor-Specific and click Add

6.- Click Add button and then the Vendor-Specific Attribute Information windows will pop

7.- In the Vendor-assigned attribute number field type : 1

NOTE: in the attribute value the customer MUST enter the “name of the default vlan he or she has setup”

This field is CASE sensitive so match the default name letter for letter!

ALTERNATIVE

If Radius Server fails to send vlan attribute or WX does not make it out, IETF Tunnel-Private-Group-ID attribute could be used instead.

Attribute value in = String format

Attribute value = <vlan-name> , e.g. default

David Gonzalez 2021/03/31 11:43