802.1x Wired Authentication

mediaos718 · ‎06-20-2017

I would like to configure a Cisco [Cat 2960] switch for 802.1x wired authentication. I am able to assign a specific VLAN if the laptop passes or fails authentication with the use of Cisco ACS. If passed the port is assign to an internal VLAN - If failed the port is assign to Guest VLAN

However, I would like to assign 3rd VLAN (Based on time of the day) to be able to push updates.

Does anyone have any experience with this setup or closely similar?

m.kafka · ‎06-21-2017

Depends on your RADIUS Server, you would need to return a different VLAN based on time-of-day.

mediaos718 · ‎06-22-2017

I am not able to do it through the Radius server. Is there a way to assign that 3rd VLAN at the switch level based on certain criteria. For example: If the laptop is locked or there is no activity or after a certain period of time, then assign the port to this VLAN. I need this VLAN so that I can push update to the PC

m.kafka · ‎06-23-2017

Sorry, I am not aware of any time-based or conditional VLAN-assignment which can be configured locally on the switch.

You could write a script e.g. in powershell which puts the accessports in a special VLAN for updating.

That's all I can contribute if you can't control the RADIUS-server.

Rgds, MiKa

mediaos718 · ‎06-23-2017

m.kafka , do you know how I could push the VLAN from the radius server based on time of the day?