Network Access Control

Hi,
I'm new with SNAC. I have tested SNAC( + LAN enforcer)  for wired LAN with cisco switch (3750), Microsoft Windows 2003 + IAS. It works fine but I can't extend NAC to wireless network. I use Cisco Aironet 1130AG which mode is  autonomous. In SEP 11 Management Console, if I configure an action to OPEN PORT when successful, wireless client can switch to access vlan based on Tunnel-Pvt-Group-id (set in IAS). But when I change this action to Switch to VLAN Access and disable VLAN attributes in IAS, Cisco Aironet can't change VLAN. While LAN Enforcer reports successfully in authentication, and in Aironet's web management, new event log is  "Station xxxx.xxxx.xxxx authentication fail". Why is happened ? Does anyone has been successful in SNAC+ wireless network? Do you have any document, any guide how to integrate SNAC with cisco aironet wireless ( autonomous ) ? please send to me !

Thank you !

Dung

Hi, Dung

  Inorder to support dynamic wireless VLAN assignment on Cisco wireless environment, you need a wilress LAN controller. The Cisco 1130AG itself won't support this feature. It must work with a wireless VLAN controller to support this. Please refer to following URL.

http://supportwiki.cisco.com/ViewWiki/index.php/Dynamic_VLAN_Assignment_with_RADIUS_Server_and_Wireless_LAN_Controller_Configuration_Example

Thanks
Craige

Hi, Craige
Thank you for fast reply ! I have done SNAC with aironet 1130AG integrated. I did a little trick when adding Aironet, I chose Cisco Catalyst profile (not Cisco Aironet Series). In Aironet, I create all VLANs associated with SSIDs, but broadcast one SSID as GuestMode. Now in SEP Manager, I can also set a policy to change radio client to any VLAN, not only OPEN port

Thanks
Dung

thax for ur reply dude
it really works

Where I set the configurations on Cisco Controller to uses SNAC for autenthication and dynamic Vlan ????