Assigning a VLAN to an AD authenticated 802.1x user/computer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2006 06:07 PM - edited 03-10-2019 02:43 PM
How do I configure our ACS 4.0 server (and 2950 switch) to assign an 802.1x authenticated user to a specific vlan based on the AD group that the user is a member of in the Windows Domain?
Example, Joe.Schmoe is an AD member of the group 'Sales' which is defined as well in the ACS under External user DB, DB Group Mappings, Windows DB, Domain Configs, NT Groups. How can I configure the ACS to assign Joe's 802.1x authenticated switchport to be assigned to a specific vlan?
- Labels:
-
AAA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2006 09:57 PM
Hi,
One of the ways this can be done is by utilizing the Network Access Profiles features.
Have a look at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e984.html for more details on how to configure one. VLAN Assignment is done in the authorization section. Remember you need to configure the 2950 to do authorization as well for the VLAN assignment to work!
Although this document describes NAC as well, the NAC bits are optional!
Regards,
Erik
