
Authentication with VLAN

adul
Level 1

I have three VLANs on the Access Point (excluding the management VLAN). I want to map users to VLANs (users on Cisco ACS 3.2). Do you have a solution for me?

2 Replies

adul
Level 1

I want to use only one SSID.

jafrazie
Cisco Employee

This is done by setting RADIUS Attributes [64], [65], and [81] on a RADIUS Server. Here's an example:

[64] Tunnel-Type – “VLAN” (13)

[65] Tunnel-Medium-Type – “802” (6)

[81] Tunnel-Private-Group-ID - or

Here are specifics for an AP:

Before 802.1x, the AP authenticates the client using the auth-type configured for the SSID the client associated with.

*Option1: After authorization by 802.1x, and IF RADIUS specifies the VLAN, the AP can assign the VLAN supplied by [81] (regardless of the SSID to VLAN mapping configured on the AP). NOTE: If no VLAN was supplied by the RADIUS server, the AP assigns the default SSID to VLAN mapping.

*Option2: After authorization by 802.1x, and IF RADIUS specifies the SSID (with a VSA --> [026\009\001]), the AP can use this info to check that the SSID RADIUS specified matches the SSID the client used to associate. If != SSID, disassociate. If = SSID, then map the VLAN.

NOTE: If either the AP or switch receives a VLAN assignment from the RADIUS that doesn't match a valid VLAN on that switch or AP, then the client is disassociated.

Hope this helps.
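The decision flow described in the reply above, as an added Python example that is not part of the original thread and is not Cisco's code. It parses attributes [64], [65], [81] and the 026\009\001 VSA from an Access-Accept attribute list and applies the SSID check, the VLAN override and the invalid-VLAN rule in one function. Assumptions: the VSA string has the form `ssid=<name>`, [81] carries the VLAN ID as an ASCII string, all function names are hypothetical, and the sample attributes are constructed.

```python
import struct

TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID, VSA = 64, 65, 81, 26

def attr(t, value):
    return bytes([t, len(value) + 2]) + value  # type, length, value

def build_accept_attrs(vlan=None, ssid=None):
    """Constructed sample attribute list (not captured traffic)."""
    buf = b""
    if vlan is not None:
        buf += attr(TUNNEL_TYPE, b"\x00" + (13).to_bytes(3, "big"))   # VLAN
        buf += attr(TUNNEL_MEDIUM, b"\x00" + (6).to_bytes(3, "big"))  # 802
        buf += attr(TUNNEL_PGID, vlan.encode())
    if ssid is not None:
        data = b"ssid=" + ssid.encode()  # assumed cisco-avpair format
        buf += attr(VSA, struct.pack("!IBB", 9, 1, len(data) + 2) + data)
    return buf

def parse_attrs(buf):
    """Walk the attribute list and keep the fields the AP acts on."""
    out, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 3 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        t, v = buf[i], buf[i + 2:i + buf[i + 1]]
        if t in (TUNNEL_TYPE, TUNNEL_MEDIUM) and len(v) == 4:
            out[t] = int.from_bytes(v[1:], "big")  # first byte is the tag
        elif t == TUNNEL_PGID:
            out[t] = (v[1:] if v[0] <= 0x1F else v).decode()  # optional tag
        elif t == VSA and len(v) > 6 and v[:6] == struct.pack("!IBB", 9, 1, len(v) - 4):
            key, _, val = v[6:].decode().partition("=")  # one sub-attribute only
            if key == "ssid":
                out["ssid"] = val
        i += buf[i + 1]
    return out

def ap_decision(buf, assoc_ssid, ssid_to_vlan, valid_vlans):
    """Return ("assign", vlan) or ("disassociate", reason)."""
    a = parse_attrs(buf)
    if "ssid" in a and a["ssid"] != assoc_ssid:           # Option 2
        return ("disassociate", "ssid mismatch")
    if a.get(TUNNEL_TYPE) == 13 and a.get(TUNNEL_MEDIUM) == 6 and TUNNEL_PGID in a:
        vlan = a[TUNNEL_PGID]                              # Option 1
    else:
        vlan = ssid_to_vlan[assoc_ssid]                    # default mapping
    if vlan not in valid_vlans:
        return ("disassociate", "unknown vlan")
    return ("assign", vlan)
```

Running the function against the attribute list your own RADIUS server returns for a test account shows which branch a client lands in before you roll the policy out.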
