MSM 760 controller, MSM422 access point, RADIUS VLAN

I have an MSM760 access controller and MSM422 access points. I have RADIUS configured, and do not use the controller for authentication. The access point is authenticating. This is working fine most of the time, but sometimes a client is not tagged into the correct VLAN. Probably no tag at all, because the client ends up in the default VLAN. What can be wrong?





1) Type and version of RADIUS server?
2) Does it happen with any user or is the error limited to specific users?
3) Does it happen only with users that have already been authenticated once shortly before?
4) Could you record a network trace of the communication between the AP and the Radius server for an erroneous authentication? Are the necessary AVPs included in the RADIUS reply?

My initial guess is that it might be a caching problem, because I had the same issue last year. If the user was authenticated for the first time, the user information was read from the RADIUS DB and the AVPs related to VLAN assignment were included. But if the user was authenticated frequently, the user credentials were compared to the cache and the user was authenticated from there. But the cache did not include the VLAN assignment. Hence, users that were authenticated from the cache always ended up in the default VLAN.
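
One way to run the check from question 4 on a captured reply, as an added example that is not part of the original thread: it parses the UDP payload of a RADIUS Access-Accept and reports whether the VLAN attributes are present. It assumes the standard RFC 3580 attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), which the thread does not name; a deployment using vendor-specific attributes needs those checked instead. All function names and the sample packets are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802 = 13, 6  # values from RFC 3580

def parse_attributes(packet: bytes):
    """Return (code, {type: first value}) for one RADIUS packet (RFC 2865)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("truncated or malformed attribute")
        attrs.setdefault(packet[pos], packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs

def vlan_assignment(packet: bytes):
    """Return (vlan string or None, list of problems) for an Access-Accept."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None, ["not an Access-Accept"]

    def tagged_int(a_type):  # 1 tag byte followed by a 3-byte integer
        v = attrs.get(a_type)
        return int.from_bytes(v[1:], "big") if v and len(v) == 4 else None
    problems, vlan = [], None
    if tagged_int(TUNNEL_TYPE) != TUNNEL_TYPE_VLAN:
        problems.append("Tunnel-Type missing or not VLAN (13)")
    if tagged_int(TUNNEL_MEDIUM_TYPE) != TUNNEL_MEDIUM_802:
        problems.append("Tunnel-Medium-Type missing or not 802 (6)")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID)
    if group:  # an optional leading tag byte is <= 0x1F
        vlan = (group[1:] if group[0] <= 0x1F else group).decode("ascii", "replace")
    else:
        problems.append("Tunnel-Private-Group-ID missing")
    return vlan, problems

def build(code, attrs):  # helper that assembles the constructed sample packets
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a reply carrying VLAN 20, and a reply with no VLAN AVPs.
FULL = build(2, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"20")])
BARE = build(2, [(1, b"alice")])
```

Comparing the result for a user's first authentication with the result for a repeat authentication shows whether the VLAN attributes are being dropped on the server side, as the caching explanation above would predict.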