05-25-2007 11:51 AM - edited 03-10-2019 03:10 PM
Hi,
I'm working in a NAC lab where I wish assign a VLAN via 802.1x during machine boot using machine authentication only in CTA. After that when an user logs into that machine I want to assign an user based VLAN even thought switch port is already authorized. Is there any solution for that?
Thanks in advanced,
Alberto
05-28-2007 12:37 AM
Hi Alberto,
Yes. You can do that with Cisco ACS. Firstly add the computer name registered in the AD domain into a group. Map the group in ACS and user in another group. Follow the user guide on how to assign dynamic vlan and you should be able to get it to work.
My problem is without machine authentication but allow user to logon first time on the machine. It seem in ACS, the user need to have his credential cached locally before he can logon into the network. Anyone able to overcome it?
Thx.
Cheers,
Phoon
05-28-2007 04:21 AM
Phoon,
I think that might work with 802.1x native Windows supplicant, however I have been deploying 802.1x supplicant version of CTA. After a successful posture validation I'm not being able to supersede healthy VLAN with the machine VLAN nor supersede healthy VLAN with user VLAN. In ACS Reports and Activity I can see both machine and users are being successfully authenticated but their profiled VLAN are not being used. Any ideia?
Thanks,
05-28-2007 06:30 AM
Hi Alberto,
It definitely works on native Windows as I have it in production. I'm not familiar with CTA but I thought it should work on the same principle. I suggest you first test out on pure Windows XP supplicant to confirm the VLAN assignment is working. After that read carefully on the CTA part and whether XP setting is required.
My two cent's thought.
Cheers,
Phoon
05-28-2007 11:29 AM
Phoon,
I will follow you advices. Any good news I will get in touch.
Thank you very much,
Alberto
05-28-2007 09:27 PM
Thanks. Plse rate accordingly whether the suggestion is workable.
Cheers,
Phoon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide