M and MSM Series

Not getting IP address when Access Control is ticked.

Occasional Contributor

Not getting IP address when Access Control is ticked.

Hi there, I hope someone can assist me with getting up a SSID with my MSM760.

I have many SSIDs which are all for seperate VLANs.

When i set these up to just authenticate on WPA2, i get an IP on the right subnet and everything works - We have a proxy which have 3 DHCP servers on that gives the relevant leases.  However when i tick the Access Control so i can authenticate with 802.1x, it authenticates fine but i get no IP address.  I have looked everywhere and can't seem to find why this is happening.

If you need any more information about the VLANs please let me know.


Esteemed Contributor

Re: Not getting IP address when Access Control is ticked.

Authenticate sends just the authentication request back to the controller, and then after authentication, responds to the AP and the traffic is then put onto the network at the switch the AP is connected to.

Access control sends all the traffic back to the controller through a tunnel, so traffic then has to leave  via the controller ports. Unless you egress the traffic to your vlans with DHCP server on them not going to get an address

But you don't need to use access control to use 802.1x authentication - this can be set on the controller VSC by checking the 802.1x section. You could use the AD authentication but if you want to specify user vlan as well, use a RADIUS server to send the VLAN back as a parameter. In my case I have one SSID and can set VLAN by user group memebership or other access parameters.

Setup a radius profile to define the server and authentication method (most likely mschapV2)

Then check 802.1x authentication, remote and specify the RADIUS profile.

Unless you need to tunnel (encrypt) the traffic back to the controller, its more efficient to just authenticate and dump the traffic local to the AP