802.1x Dynamic Vlan assignment using ACS

Unanswered Question
Apr 7th, 2010
User Badges:

Hi,



I have the following scenario


2 bulidings with multiple floor


Each floor should be in different VLAN.


The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.


Each user should be able to connect and roam around between any building. when ever a user is connecting his laptop to any floor, he should be made part of that respective vlan. It is not requred to have the same IP rage to be allocated, but the dynamic VLAN should be based on the switch port location.


Can I configure ACS in such a way that, the ACS will allocate dynamic VLAN for every 802.1x authentication  based on the Network Device Group. Please refer the attached diagram

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Wed, 04/07/2010 - 22:26
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi,



I have the following scenario


2 bulidings with multiple floor


Each floor should be in different VLAN.


The network should be authenticated with 802.1x and each switch port should be assigned with dynamic VLAN from ACS.


Each user should be able to connect and roam around between any building. when ever a user is connecting his laptop to any floor, he should be made part of that respective vlan. It is not requred to have the same IP rage to be allocated, but the dynamic VLAN should be based on the switch port location.


Can I configure ACS in such a way that, the ACS will allocate dynamic VLAN for every 802.1x authentication  based on the Network Device Group. Please refer the attached diagram

Hi,


Check out the below link for your requirement for dynamic vlan assignement using ACS


http://www.ciscosystems.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

prasad.gsmc Wed, 04/07/2010 - 23:02
User Badges:

thanks for the response but I am not able to find an answer on whether based on the Device group VLAN could be assigned or not. All doc says its based on user ID....

Ganesh Hariharan Wed, 04/07/2010 - 23:10
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

thanks for the response but I am not able to find an answer on whether
based on the Device group VLAN could be assigned or not. All doc says
its based on user ID....

Hi Prasad,


If your query is the devices which are configured in ACS for authentication on that basis vlans are assigned,If yes this is not the way ACS works it actually is on the basis of userid only.Whenever a user plugs a cable to your switch port where you have configured 802.1x the radious packet rquest will send to acs then you will get reply in terms of username and password where userid will be given which is configured in ACS database or some external database which intergarated with ACS.If that matches the assignment of vlan will be done on userid basis only.Just an explanation for your query.


Hope to help !!


Ganesh.H


Remember to rate the helpful post

naveen999 Tue, 04/21/2015 - 05:44
User Badges:

Hi,

I am trying the same scenario,kindly resend the link.Unable access the link...

 

 

Thanks & Regards,

Naveen A

Actions

This Discussion