Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2296
Views
0
Helpful
0
Replies

802.1x dynamic VLAN assignment with Radius NPS Server

netdood
Level 1
Level 1

‎11-19-2014 07:56 PM - edited ‎03-10-2019 10:11 PM

I can NOT get the NPS and Cisco 3550 switch to drop the authenticated user in a VLAN.

I have followed this documentation,

http://msdn.microsoft.com/en-us/library/dd314181(v=ws.10).aspx

that basically says to use these Radius attributes,

 

Tunnel-Medium-Type : 802

Tunnel-Pvt-Group-ID  :  My_VLAN_Number  (also tried VLAN name)

Tunnel-Type  : VLAN

 

There is some Cisco documentation that says to use Vendor Specific attributes Cisco-AV-Pair,

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_19_ea1/configuration/guide/2950scg/swauthen.html#wpxref83693

 

and I have also tried that,

 

cisco-avpair= "tunnel-type(#64)=VLAN(13)"


cisco-avpair= "tunnel-medium-type(#65)=802 media(6)"


cisco-avpair= "tunnel-private-group-ID(#81)=vlanid"

 

 

My user authenticates on the port fine, but doesn't get put into a VLAN.  If I add "sw acc vlan 110"  then the user authenticates and then does get an IP address in that VLAN and all is well.

 

Anybody know how to get dynamic VLAN assignment working with NPS?

 

NPS on Win 2012 R2

Domain controller separate Win 2012 R2 server

Cisco 3550 switch

 

 

 

3 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Top