I would like to go for "Dynamic VLAN Assignment with RADIUS Server and Aironet Access Points 1130 (flash:/c1130-k9w7-mx.124-21a.JA1/c1130-k9w7-mx.124-21a.JA1)". I want the AP to broadcast only one SSID. The client finds the SSID -> puts in his user credentials -> RADIUS authentication -> assign him to a specific VLAN based on his group membership.
The problem here is that I don't have an AP controller, only configurable Aironet 1130 access points. Can I do this without a Wireless LAN Controller? Do you have a configuration document dealing with this issue?
First:
The wired lab is working on 802.1x; there are no problems (802.1x authentication etc.).
Equipment used: three Cisco AP 1130, ACS 4.2, Windows Active Directory database (group mapping), Windows DHCP, Cisco 2960 switch
We use three VLANs: VLAN ID 100 (Management), VLAN 2 and VLAN 3. Single SSID: WSVMYK
But it's still not working on the wireless network.
The problem does not appear in the RADIUS logs
(RADIUS log: passed authentication OK), but the wireless client cannot get an IP address.
First trial:
RADIUS (ACS 4.2)
For Group 2 setting
Tunnel-Type (64): GRE
Tunnel-Medium-Type (65): IP4
Tunnel-Private-Group-ID (81): 2
It's still not working.
Last trial:
Tunnel-Type (64): Vlan
Tunnel-Medium-Type (65): 802
Tunnel-Private-Group-ID (81): 2
Cisco AP 1100 config:
aaa new-model
aaa group server radius rad_eap
 server 192.168.1.2 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
dot11 syslog
dot11 vlan-name muhasebe vlan 2
dot11 vlan-name satis vlan 3
dot11 ssid WSVMYK
 vlan 100 (How to config, 2 or 3 from the set vlan so there is no problem, It’s working, but removed the vlan radio interface is down)
 authentication open eap eap_methods
 authentication network-eap eap_methods
 authentication key-management wpa
 guest-mode
bridge irb
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption mode ciphers aes-ccm tkip
 encryption vlan 100 mode ciphers aes-ccm tkip
 ssid WSVMYK
 channel 2412
 station-role root
interface Dot11Radio0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
 bridge-group 2 spanning-disabled
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
interface Dot11Radio0.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
interface FastEthernet0.2
 encapsulation dot1Q 2
 no ip route-cache
 bridge-group 2
 no bridge-group 2 source-learning
 bridge-group 2 spanning-disabled
interface FastEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 no bridge-group 3 source-learning
 bridge-group 3 spanning-disabled
interface FastEthernet0.100
 encapsulation dot1Q 100 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
interface BVI1
 ip address 192.168.1.252 255.255.255.0
 no ip route-cache
ip default-gateway 192.168.1.254
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
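
Added example, not part of the original post and not Cisco or ACS code: a small Python check that compares the RADIUS attributes from the two trials above with the RFC 3580 VLAN triplet (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID=VLAN ID) and confirms the returned VLAN has matching radio and wired sub-interfaces in the AP config. The function names and `AP_CONFIG` are hypothetical; the config string is a constructed skeleton of the sub-interfaces posted above, and the example assumes a numeric VLAN ID in attribute 81, as in the post.

```python
import re

# RFC 2868 / RFC 3580 numeric values for the names ACS shows on this page
TUNNEL_TYPE = {"GRE": 10, "VLAN": 13}
MEDIUM_TYPE = {"IPV4": 1, "802": 6}

# Constructed sample: the sub-interface skeleton of the AP config posted above
AP_CONFIG = "".join(
    f"interface {ifc}.{vlan}\n encapsulation dot1Q {vlan}\n bridge-group {bg}\n"
    for ifc in ("Dot11Radio0", "FastEthernet0")
    for vlan, bg in ((2, 2), (3, 3), (100, 1)))

def vlan_bridge_map(config):
    """Map each dot1Q VLAN to the bridge-group used on its radio and wired side."""
    result, side, vlan = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (Dot11Radio|FastEthernet)\d+\.\d+$", line):
            side, vlan = ("radio" if m[1] == "Dot11Radio" else "wired"), None
        elif line.startswith("interface "):
            side = None  # main interface or BVI: not a VLAN sub-interface
        elif side and (m := re.match(r"encapsulation dot1Q (\d+)", line)):
            vlan = int(m[1])
        elif side and vlan and (m := re.match(r"bridge-group (\d+)$", line)):
            result.setdefault(vlan, {})[side] = int(m[1])
    return result

def check_accept(attrs, config=AP_CONFIG):
    """Return a list of problems with an Access-Accept's VLAN attributes."""
    problems = []
    if TUNNEL_TYPE.get(attrs.get(64, "").upper()) != 13:
        problems.append("Tunnel-Type (64) is not VLAN (13)")
    if MEDIUM_TYPE.get(attrs.get(65, "").upper()) != 6:
        problems.append("Tunnel-Medium-Type (65) is not 802 (6)")
    vid = attrs.get(81, "")
    if not (vid.isdigit() and 1 <= int(vid) <= 4094):
        problems.append("Tunnel-Private-Group-ID (81) is not a numeric VLAN ID")
        return problems
    sides = vlan_bridge_map(config).get(int(vid), {})
    if set(sides) != {"radio", "wired"}:
        problems.append(f"VLAN {vid} has no radio/wired sub-interface pair")
    elif sides["radio"] != sides["wired"]:
        problems.append(f"VLAN {vid} uses different bridge-groups on radio and wired")
    return problems

if __name__ == "__main__":
    # Attribute values from the two trials in the post
    for name, attrs in (("first", {64: "GRE", 65: "IP4", 81: "2"}),
                        ("last", {64: "Vlan", 65: "802", 81: "2"})):
        print(name, check_accept(attrs) or "consistent with RFC 3580 and the AP config")
```

An empty result only means the attribute triplet and the AP sub-interfaces line up; it says nothing about the SSID's VLAN settings, the switch trunk or DHCP.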