I'm currently looking for a way to enable the switch to send the port VLAN in a RADIUS request. When a dot1x authentication occurs, the switch sends loads of information to the ACS but not the VLAN.
I found the RADIUS attribute 87 (NAS-Port-Id), which is apparently not supported on Catalyst switches, but even then, only the port name is given (for example FastEthernet0/2).
Any other ideas?
Thanks for your help,
I do not believe your exact answer exists. You might want to look at RFC 4675. With some tweaking of VLAN memberships and VLAN IDs you may be able to get what you want to work how you want it to work. Minimally, you can set up tagging so that users who log in will not have access to VLANs they should not have access to, and it sounds like that is your big-picture goal.
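
For reference, the Egress-VLANID attribute that RFC 4675 defines (type 56) can be encoded, decoded and checked against a per-user VLAN allowlist as shown below. This is an added example, not part of the original replies and not Cisco or ACS code; the function names, the allowlist and the sample attribute bytes are constructed for illustration.

```python
import struct

EGRESS_VLANID = 56               # RADIUS attribute type from RFC 4675
TAGGED, UNTAGGED = 0x31, 0x32    # Tag Indication octet: frames tagged / untagged

def encode_egress_vlanid(vlan_id, tagged):
    """Build one Egress-VLANID TLV: type, length 6, tag octet, 12 pad bits, 12-bit VLAN ID."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    word = ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id
    return struct.pack("!BBI", EGRESS_VLANID, 6, word)

def parse_attributes(data):
    """Yield (type, value) pairs from a RADIUS attribute list, rejecting bad lengths."""
    off = 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[off], data[off + 1]
        if alen < 2 or off + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[off + 2:off + alen]
        off += alen

def egress_vlans(data):
    """Return [(vlan_id, tagged)] for every Egress-VLANID attribute present."""
    result = []
    for atype, value in parse_attributes(data):
        if atype != EGRESS_VLANID:
            continue
        if len(value) != 4:
            raise ValueError("Egress-VLANID value must be 4 octets")
        (word,) = struct.unpack("!I", value)
        tag = word >> 24
        if tag not in (TAGGED, UNTAGGED):
            raise ValueError("unknown tag indication")
        result.append((word & 0x0FFF, tag == TAGGED))
    return result

def unauthorized_vlans(data, allowed):
    """VLAN IDs granted in the attribute list that are not in the allowlist."""
    return [vid for vid, _ in egress_vlans(data) if vid not in allowed]

# Constructed sample: User-Name "alice", VLAN 10 untagged, VLAN 200 tagged.
SAMPLE = b"\x01\x07alice" + encode_egress_vlanid(10, False) + encode_egress_vlanid(200, True)

if __name__ == "__main__":
    print(egress_vlans(SAMPLE))
    print(unauthorized_vlans(SAMPLE, allowed={10}))
```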