Assigning a VLAN to an AD authenticated 802.1x user/computer

swharvey · ‎08-21-2006

How do I configure our ACS 4.0 server (and 2950 switch) to assign an 802.1x authenticated user to a specific vlan based on the AD group that the user is a member of in the Windows Domain?

Example, Joe.Schmoe is an AD member of the group 'Sales' which is defined as well in the ACS under External user DB, DB Group Mappings, Windows DB, Domain Configs, NT Groups. How can I configure the ACS to assign Joe's 802.1x authenticated switchport to be assigned to a specific vlan?

etamminga · ‎08-21-2006

Hi,

One of the ways this can be done is by utilizing the Network Access Profiles features.

Have a look at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e984.html for more details on how to configure one. VLAN Assignment is done in the authorization section. Remember you need to configure the 2950 to do authorization as well for the VLAN assignment to work!

Although this document describes NAC as well, the NAC bits are optional!

Regards,

Erik

Assigning a VLAN to an AD authenticated 802.1x user/computer

User or Computer Authentication option...

2960 802.1x Authentication VLAN Assignment

Certificate-based Authentication and the Importance of AD UPN

Evoluindo IOT de MAB para 802.1x

802.1X VLAN Assignment