Catalyst 2950, VLAN, 802.1x and Cisco Secure ACS

Unanswered Question
Sep 1st, 2007

Hello, I'm looking forward to dropping a user in the appropriate VLAN after the EAP processing is complete by ACS.

Does the filter-id property mean VLAN in ACS? Wait, I think that's ACL. What property is VLAN?

About the VLANs, how do I specify them on the switch? Right now, the client PC is an untagged member of VLAN 10. But what if the user logging into the station had a filter-id of 20?

Would I be able to make the switch port an untagged member of VLANs 10 and 20? I could see tagging the port for multiple VLANs okay, pending the client machine had a dot1q-capable NIC.

How is the switch port supposed to be a member of a VLAN specified by the RADIUS server, when the specified VLAN is based on the user's group?

jstickland Sun, 09/02/2007 - 20:07

Hmm... I think the IEEE RADIUS authorization attribute for VLAN is "tunnel private-id group"
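An added example, not part of the thread and not Cisco's code: under RFC 3580 the RADIUS server signals a per-user VLAN with three attributes sent together, Tunnel-Type = VLAN (13), Tunnel-Medium-Type = 802 (6) and Tunnel-Private-Group-ID carrying the VLAN, while Filter-Id (11) names an ACL. The Python below decodes the attribute section of an Access-Accept and reports a VLAN only when all three are present and consistent; the sample bytes, the ACL name and the helper names are constructed for illustration.

```python
# RADIUS attribute types (RFC 2865 / RFC 2868) and the RFC 3580 VLAN values.
FILTER_ID, TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 11, 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802 = 13, 6

def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value (used to build the sample)."""
    return bytes([atype, len(value) + 2]) + value

def parse_attributes(data: bytes):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type and Tunnel-Medium-Type: one tag byte, then a 3-byte integer."""
    if len(value) != 4:
        raise ValueError("tagged integer must be 4 bytes")
    return int.from_bytes(value[1:], "big")

def tagged_string(value: bytes) -> str:
    """Tunnel-Private-Group-ID: a first byte <= 0x1F is a tag, not part of the ID."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return value.decode("ascii")

def authorization(data: bytes) -> dict:
    """Return the ACL name and the VLAN; the VLAN only if all three attributes agree."""
    seen = dict(parse_attributes(data))
    acl = seen[FILTER_ID].decode("ascii") if FILTER_ID in seen else None
    complete = (TUNNEL_TYPE in seen and TUNNEL_MEDIUM_TYPE in seen
                and TUNNEL_PRIVATE_GROUP_ID in seen
                and tagged_int(seen[TUNNEL_TYPE]) == TUNNEL_TYPE_VLAN
                and tagged_int(seen[TUNNEL_MEDIUM_TYPE]) == TUNNEL_MEDIUM_802)
    vlan = tagged_string(seen[TUNNEL_PRIVATE_GROUP_ID]) if complete else None
    return {"vlan": vlan, "acl": acl}

# Constructed sample: attributes of an Access-Accept for a user mapped to VLAN 20.
SAMPLE = (attr(FILTER_ID, b"example-acl")
          + attr(TUNNEL_TYPE, bytes([0, 0, 0, 13]))
          + attr(TUNNEL_MEDIUM_TYPE, bytes([0, 0, 0, 6]))
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"20"))

if __name__ == "__main__":
    print(authorization(SAMPLE))
```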

