Re: NAC Active Directory Vlan Assignment

iwearing · ‎05-04-2007

Hi,

Can anybody confirm whether it is possible to assign Users to specific Vlans based on Active Directory attributes.

Cisco NAC 3100 Series devices will be deployed in the installation. At present no posture assessment is necessary, only Vlan assigment using AD username/password.

The documentation is unclear as to whether this can be achieved.

Thanks

Ian.

med_ddevlin · ‎05-04-2007

If you have ACS in place you can use that. I realize you did not mention that you did but wanted to throw that out as well.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

Please rate if this helps

iwearing · ‎05-04-2007

Thanks for the reply.

Unfortunately the customer specifically wishes to use the NAC Servers for Vlan assisgnment based on AD attributes.

Next will come posture assessment etc.

I can find no documentation that verifies this is possible using NAC?.

Ian.

pplsi · ‎05-04-2007

I know if you are doing a NAC appliance setup CAM/CAS you can map the OU from AD to a vlan.

Looks like you are using NAC framework which in that case I believe you would have to use the ACS.

vliegen · ‎05-04-2007

Hi Ian:

Thanks for your question. Unfortunately, Your question is not related to the topic being covered, which is Physical Securtiy & Video Surveillance. Suggest to email directly with Cisco Support: tac@cisco.com

Hope that they will able to resolve your question. Best regards,

Hugo