Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1507
Views
0
Helpful
3
Replies

802.1x and wired dynamic vlans on MAC addresses

action711
Level 1
Level 1

‎09-30-2014 09:34 AM - edited ‎03-10-2019 10:04 PM

Hi All,

I would like to setup our new offices with dynamic vlans determined by the MAC address of the device connecting. So I need a database of MAC addresses in groups for which vlan they will go in, with separate vlans for printers and servers and computers and BYOD. If this can work for wireless too then even better.

I've done some reading but am really struggling to find the information I need.

We have a Windows domain and brand new 3850 Cisco switches.

 

Can anyone steer me in the right direction (or tell me how to do it!) please?

 

Thanks for reading.

Labels:
0 Helpful
3 Replies 3

Javier Portuguez
Level 9
Level 9

‎10-01-2014 05:40 AM

Hi, 

So you need to perform MAB authentication. As you mentioned, you will need to create a DB of MAC entries.

In order to configure the Windows server (2003 or 2008?) to assign the dynamic VLAN you need to define the Remote Access Policies and create the custom attributes. For example:

  1. Tunnel-Medium-Type. Select a value appropriate to the previous selections you have made for the policy. For example, if the network policy you are configuring is a wireless policy, select Value: 802 (Includes all 802 media plus Ethernet canonical format).
     
  2. Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. 
     
  3. Tunnel-Type. Select Virtual LANs (VLAN).

You can find more information here:

Configure a Network Policy for VLANs

VLAN Attributes Used in Network Policy

802.1X Authentication Services Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

 

HTH.

 

 

 

 

0 Helpful

action711
Level 1
Level 1
In response to Javier Portuguez

‎10-01-2014 09:27 AM

Thanks Javier, nice answer.

 

Will try it out soon, want to use it in our new offices in December and then roll it out across our 9 sites. 

 

 

 

 

0 Helpful

Javier Portuguez
Level 9
Level 9
In response to action711

‎10-01-2014 09:51 AM

Sounds like a plan my friend.

Glad to help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents