Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
0
Helpful
0
Replies

Assign SGT tags via RADIUS AVpairs

yosefshai
Level 1
Level 1

‎03-16-2016 05:06 AM - edited ‎03-10-2019 11:35 PM

Hello Cisco folks,

I'm trying to set up a LAB environment where supplicants (Windows machines) are configured with dot1x settings and are authenticated against a RADIUS server, see an example below.

I would like supplicants to be assigned with SGT tags that will be sent to my NAS (authenticator) via RADIUS AVpairs upon successful login but couldn't find the correct AVpair.

I found this Cisco document http://ftp.cisco.cz/Seminare/2013-ConnectClub/2013-10-24-CC-TrustSec-JiriTesar.pdf that talks about assigning SGT tags via a RADIUS server but didn't manage to do that.

Could anyone please advise in here?

Thanks Shay

SW30#show authentication sessions interface gigabitEthernet 1/0/9
            Interface:  GigabitEthernet1/0/9
          MAC Address:  3c97.0e16.5b60
           IP Address:  10.30.2.55
            User-Name:  host/QA1-W7-32BIT.mydomain.com
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  single-host
     Oper control dir:  both
        Authorized By:  Authentication Server
           Vlan Group:  N/A
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0A1E01FA0000021B346DF180
      Acct Session ID:  0x00000A4B
               Handle:  0xE400021B

Runnable methods list:
       Method   State
       dot1x    Authc Success

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents