Re: PEAP and IAS

mark_Bayliss · ‎12-15-2008

Hey everyone,

I have done a fair bit of reading into PEAP, IAS, 802.11x and so on.

This is the part I am confused with - I wish to have multiple VLAN's one for each of year groups. Can I force VLAN assignments using IAS / PEAP authentication using the same SSID? Or do I need one SSID per VLAN?

Last question - For each switchport an AP's connect to does the port needs to be configured as trunk?

Any help would be appreciated.

Cheers,

MArk

carenas123 · ‎12-19-2008

Yes, you need to to configure SSID per VLAN.

mark_Bayliss · ‎12-19-2008

Thanks for the reply.

From my understanding if using a radius server I should be able to have one SSID with multiples vlans. Users are assigned to a VLAN based on the policy set. Is this possible? We only have so many laptops with different users using them but I wish to restrict the user to a VLAN when they login onto our windows domain.

Scott Pickles · ‎12-22-2008

You can do either one. You can use AP VLAN groups to place users into a specific VLAN based on location. For example, if you want all of your students in Building 10 to be in VLAN 10, and all of your students in Building 11 to be in VLAN 11, AP VLAN groups allows you to do this. In addition, you can use an IAS server to assign dynamic VLANs based on credentials, but I don't recall if you need ACS for that or not. Email me directly for more assistance.

Regards,

Scott

spickles@vpnsystems.com

Scott Pickles · ‎12-22-2008

Mark -

These will help you:

Dynamic VLANs

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml

AP VLAN Groups

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008073c723.shtml

You will only need a trunk for you AP if you are running H-REAP.