DescriptionBasic steps to troubleshoot registered wireless clients moving to the wrong VLAN.Solution- Verify the VLAN value assigned to the client within the Controller/AP.
- Compare the VLAN value to value logged in NAC. In the NAC Administration UI, navigate to Hosts > Host View.
- Search for the wireless MAC address of the affected host.
- Verify the Host state (At-Risk, Registered, etc).
- Verify wireless adapter shows online.
- Review the Network Access Value for the wireless adapter.
Adapter’s Network Access Value matches the value in Controller/AP: Suggests NAC assigned the VLAN.
Next steps:
- Verify the SSID Configuration has the correct Network Access values (VLANs) assigned for the various host states. (SSID may be using inherited configuration from Controller/AP)
- If using Network Access Policies to assign VLANs, refer to related KB article below.
Adapter’s Network Access Value does not match the value in Controller/AP: Suggests NAC did not assign the VLAN.
Next steps:
- Verify the Shared Secret exactly matches between all the following components:
- Controller/AP
- SSID
- Controller/AP Model Configuration in NAC
- SSID Configuration in NAC
- (802.1x) RADIUS Server Model (System > Settings > RADIUS)
- (802.1x) RADIUS Server
- Verify the RADIUS response from NAC reached the Controller/AP via packet capture or Controller/AP debug.
If behavior persists, further debugging may be required. Contact Support for assistance.
Related Articles
Technical Tip: Troubleshooting policies
Troubleshooting Tip: RADIUS wired and wireless clients not connecting
