Solved: Re: what's configuration i need to do for assign different VLAN to different users via 802.1x on ISE...

sbmc014 · ‎05-08-2018

There are two users in this environment , alex & dlink :

and i already enable IETF 802.1x on network device profile :

but i don't know where i can configure different VLAN to different users ?

hslai · ‎05-08-2018

For simple VLAN ID/name, we specify VLAN under the common tasks in an authorization profile. If using a user-attribute, then use the Advanced Attributes Settings for the three tunnel attributes.

View solution in original post

hslai · ‎05-08-2018

For simple VLAN ID/name, we specify VLAN under the common tasks in an authorization profile. If using a user-attribute, then use the Advanced Attributes Settings for the three tunnel attributes.

sbmc014 · ‎05-09-2018

thanks for your reply , it can work now , but both of users are assigned the same VLAN , if i want assign different VLAN to different users , where i need to configure ?

ldanny · ‎05-10-2018

Here is a post showing an example how you can assign a vlans per user

Dynamic Attribute with ISE: VLAN Assignment

craiglebutt · ‎05-11-2018

cheers for this, spot on.

only question is, playing on a test server, our DC Team wonder if can do this by security group and add users in to it instead of by AD attribute for user?

Cheers

hslai · ‎05-11-2018

If using AD groups, then please create separate authorization policy rules to assign the VLANs.

If AD-group-1 then AuthZ-Profile-1-with-VLAN-A

If AD-group-2 then AuthZ-Profile-2-with-VLAN-B

...

craiglebutt · ‎05-10-2018

Hi,

Confirmation, we've got over 15,000 users, if enable this, is it a default setting for all users, or can we just pick the users we want?

cheers

what's configuration i need to do for assign different VLAN to different users via 802.1x on ISE?