VLAN Pool AAA override

  • 1
  • Question
  • Updated 10 months ago
I have two certificate templates configured in CloudPath that have a filter ID assigned to them.  One of them does what I want and one doesn't (one that works correctly was setup a while back, broken one I am working on now).  What happens with the working one is my 802.1x SSID is configured for Dynamic VLAN (AAA Override) . On the controller I have a two user roles created that assign a VLAN pool to that role.  Also on the controller under Proxy Authentication where the settings for cloud path are I have the two attributes map to the user role.  The one I setup previously correctly assigns the VLAN pool and traffic policy.  The new one does not, the client ends up getting a DHCP address from the native vlan.  I have a feeling there is something I missed on the controller side but I can't find it.
Photo of John Westlund

John Westlund

  • 26 Posts
  • 2 Reply Likes

Posted 10 months ago

  • 1
Photo of John Westlund

John Westlund

  • 26 Posts
  • 2 Reply Likes
I just was on a call with support and they had me put the vlans in a list in the CloudPath cert template like in the attached screenshot.
These are the two vlans that are in the pool assigned to the StaffBYOD user role.  The Filter ID is what I use to map to the user role in SZ100.  This user role has a traffic profile and vlan pool assigned to it and the traffic profile is being applied just not the vlan pool.  After adding this in Cloudpath it looks to me like all devices are getting an IP from vlan 730.  I have two other cert templates that use a different FilterID/User Role and they correctly apply the vlan pool without having to specify anything in Cloudpath for vlan ID.  I asked why those worked and this one doesn't but didn't get an answer.  I don't think the answer I got from support of adding the vlans in a list like this above is the answer.  Any ideas?