https://community.cisco.com/t5/network-access-control/access-for-specific-ad-users/m-p/3901477#M541331 <P>Hi,</P><P>&nbsp;</P><P>If I want to authorize users from a specific AD group access to a specific VLAN do I need to have that VLAN configured as an interface on the WLC?</P><P>&nbsp;</P><P>Thanks,</P><P>-Jack</P> Thu, 01 Aug 2019 13:52:13 GMT jacksonajax 2019-08-01T13:52:13Z https://community.cisco.com/t5/network-access-control/access-for-specific-ad-users/m-p/3901477#M541331 <P>Hi,</P><P>&nbsp;</P><P>If I want to authorize users from a specific AD group access to a specific VLAN do I need to have that VLAN configured as an interface on the WLC?</P><P>&nbsp;</P><P>Thanks,</P><P>-Jack</P> Thu, 01 Aug 2019 13:52:13 GMT https://community.cisco.com/t5/network-access-control/access-for-specific-ad-users/m-p/3901477#M541331 jacksonajax 2019-08-01T13:52:13Z https://community.cisco.com/t5/network-access-control/access-for-specific-ad-users/m-p/3901975#M541332 <P>No you don't. You just need to have an Airespace ACL that's assigned to the user session by your policy server (e.g., ISE or ACS). The ACL will restrict all users except the authorized ones from accessing the destination subnet that's associated with the VLAN.</P> <P>You could also alternatively use Scalable Group Tags (SGTs).</P> Fri, 02 Aug 2019 11:03:23 GMT https://community.cisco.com/t5/network-access-control/access-for-specific-ad-users/m-p/3901975#M541332 Marvin Rhoads 2019-08-02T11:03:23Z