M and MSM Series
cancel
Showing results for 
Search instead for 
Did you mean: 

MSM 720 Active Directory Authentication (no DHCP)

 
Highlighted
David_Wuyts
Occasional Contributor

MSM 720 Active Directory Authentication (no DHCP)

Hi,

 

I would like to make a VSC with AD authentication, but for some reason I can't get it to work.

First some info:

System OS 6.5

 

ip interfaces:

access network: 10.20.63.30 / 22

internet network: 192.168.66.1 / 24

 

network profiles:

access network: VLAN ID 1

guest: VLAN ID 66

internal network: VLAN ID 10

 

Vlan's

access network  untagged 1234

Guest (Default)

internet network untagged 56

 

Ony 1 default group with 11 AP's

 

Currently there are 2 VSC that work: LAN and Guests

Both VSC have no auth or access control enabled and use simple WPA protection.

VSC LAN gets its DHCP from a windows 2008R2 server (Domain controller) at 10.20.60.1

VSC Guest gets its DHCP from the firewall on a seperate interface with a seperate internet connection (over VLAN 66)

 

I tested the folowing senarios:

make VSC: LAN-AD

under global, selected authentication

under 802.1x, remote, acitve directory

keep everything else default

the default AP group is not VSC bind to any egress network (so i would think traffic stays on the access network VLan 1)

on the AD settings i'm success full joined to the AD. (computer account was made in the AD)

on the Active Directory group attributes I activated both AC and non AC to use the default Dail-in abrubute.

on the AD i did enable the dail-in for the user i'm logged in on the client laptop.

 

This senario did not work, no DHCP (I would like the DHCP to come from the scope on the Win2008 server)

 

If I remove the 802.1x auth. and use WPA auth DHCP works.

 

I also did try to enable Access control on the VSC and use the DHCP realy option but still no avial.

 

Can anyone help me to correct this issue?

Many Thx! 

 

 

 

 

 

1 REPLY 1
Highlighted
sam6352
Occasional Visitor

Re: MSM 720 Active Directory Authentication (no DHCP)

Hello,

 

I am in the same situation with the exact same settings and clients do not get an IP address when autentication is via AD.  Did you manage to sort this out?

Thanks