cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2024
Views
0
Helpful
0
Replies

802.1x dynamic VLAN assignment with Radius NPS Server

netdood
Level 1
Level 1

I can NOT get the NPS and Cisco 3550 switch to drop the authenticated user in a VLAN.

I have followed this documentation,

http://msdn.microsoft.com/en-us/library/dd314181(v=ws.10).aspx

that basically says to use these Radius attributes,

 

Tunnel-Medium-Type : 802

Tunnel-Pvt-Group-ID  :  My_VLAN_Number  (also tried VLAN name)

Tunnel-Type  : VLAN

 

There is some Cisco documentation that says to use Vendor Specific attributes Cisco-AV-Pair,

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_19_ea1/configuration/guide/2950scg/swauthen.html#wpxref83693

 

and I have also tried that,

 

cisco-avpair= "tunnel-type(#64)=VLAN(13)"

cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"

cisco-avpair= "tunnel-private-group-ID(#81)=vlanid"

 

 

My user authenticates on the port fine, but doesn't get put into a VLAN.  If I add "sw acc vlan 110"  then the user authenticates and then does get an IP address in that VLAN and all is well.

 

Anybody know how to get dynamic VLAN assignment working with NPS?

 

NPS on Win 2012 R2

Domain controller separate Win 2012 R2 server

Cisco 3550 switch

 

 

 

0 Replies 0