ACS 5.1 and dynamic VLAN assignment

Unanswered Question
Sep 6th, 2010

I have installed ACS 5.1 in a test environment and would like to assign data- and voice-vlans dynamically. Currently I have about 60 data-vlans and even more voice-vlans.

Unfortunately I can find neither an example nor an explanation of how to configure this.

Can anyone please provide information such as examples, some documentation, or at least a URL with the required information?

I would really appreciate any kind of support.

Thanks in advance

Roman

Nathaniel Austin Tue, 09/07/2010 - 13:28

Hi Roman,

You would do all this configuration under Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles. You would likely need a different profile for each vlan that you want returned. The VLAN is selected on the "Common Tasks" page of each profile:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/pol_elem.html#wp1052908

Once you have profiles configured for each vlan you want to return, edit your Access Policies and return the appropriate Authorization Policy based on whatever criteria you want (external user groups, network devices, etc).

Thanks,

Nate
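What a per-VLAN authorization profile comes down to on the wire, as an added example that is not part of the original thread or of Cisco's software: it assumes the profile's VLAN setting is returned as the standard RFC 3580 attribute triplet (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID). The function names and the sample VLAN ID are constructed; the decoder is the check to run against the attributes of a captured Access-Accept when a port does not land in the expected VLAN.

```python
import struct

# Attribute numbers (RFC 2868) and the values RFC 3580 defines for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_802 = 13, 6

def encode_vlan_attrs(vlan: str, tag: int = 0) -> bytes:
    """Build the three attributes an Access-Accept carries to assign a VLAN."""
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0..31")
    def tagged_int(attr: int, value: int) -> bytes:
        # Type, Length=6, Tag, 3-byte value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    # The string attribute carries a tag byte only when a tag is in use
    body = (bytes([tag]) if tag else b"") + vlan.encode("ascii")
    if not vlan or len(body) > 253:
        raise ValueError("VLAN ID/name must be 1..253 bytes")
    group = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)) + body
    return tagged_int(TUNNEL_TYPE, TT_VLAN) + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_802) + group

def extract_vlan(attrs: bytes):
    """Return the assigned VLAN, or None unless all three attributes agree."""
    seen, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        attr, length = attrs[i], attrs[i + 1]
        if length < 2 or i + length > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[i + 2:i + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if length != 6:
                raise ValueError("tunnel type attributes are 6 bytes long")
            seen[attr] = int.from_bytes(value[1:], "big")  # skip the tag byte
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            if value and value[0] <= 0x1F:  # leading tag byte, not part of the name
                value = value[1:]
            seen[attr] = value.decode("ascii")
        i += length
    if seen.get(TUNNEL_TYPE) != TT_VLAN or seen.get(TUNNEL_MEDIUM_TYPE) != TMT_802:
        return None  # a group ID alone is not a VLAN assignment
    return seen.get(TUNNEL_PRIVATE_GROUP_ID)

if __name__ == "__main__":
    accept = encode_vlan_attrs("25")      # constructed sample VLAN ID
    print(accept.hex(), "->", extract_vlan(accept))
```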

rhub Mon, 09/13/2010 - 04:41

Hi Nate,

Many thanks for your reply and sorry for not coming back earlier. I had a problem with my provider and therefore was out of service for the last few days.

In the meantime I found the solution by myself :-)

May I ask you another question:

I have another customer running a WLC 4402 / ACS 5.1 to connect MACs wireless to the network. He is running 2 SSIDs (CASSIOPEIA, POLLUX) to separate the VLANs (CASSIOPEIA = VLAN_ID 25 for students, POLLUX = VLAN_ID 26 for teachers).

Now we would like to separate teachers and students using 802.1x. I tried several configs but unfortunately none of them worked correctly.

Can you give me some hints and tips on how to configure this scenario on the WLC as well as on the ACS?

I really appreciate your support and thanks very much in advance.

Roman

HassnainRashid Sat, 04/09/2011 - 00:16

Hi rhub

I have installed ACS 5.1 and successfully integrated it with Active Directory. I have used EAP (PEAP) with EAP (MSCHAP V2) and Active Directory users are successfully authenticated through ACS 5.1.

To move further I need to configure the following things.

Dynamic VLAN assignment according to the users.

Condition 1: If a guest needs to use the company environment, on authentication it will be moved into the guest VLAN.

Condition 2: If a user does not authenticate successfully, it will be moved into the auth-fail VLAN.

Please guide me on how to achieve this, as I read in your last post that you have successfully completed this configuration with ACS 5.1.

Please note I am deploying 802.1X port-based authentication.

Regards

-Rashid 
