Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

802.1x and wired dynamic vlans on MAC addresses

Hi All,

I would like to setup our new offices with dynamic vlans determined by the MAC address of the device connecting. So I need a database of MAC addresses in groups for which vlan they will go in, with separate vlans for printers and servers and computers and BYOD. If this can work for wireless too then even better.

I've done some reading but am really struggling to find the information I need.

We have a Windows domain and brand new 3850 Cisco switches.

 

Can anyone steer me in the right direction (or tell me how to do it!) please?

 

Thanks for reading.

Everyone's tags (1)
3 REPLIES

Hi, So you need to perform

Hi, 

So you need to perform MAB authentication. As you mentioned, you will need to create a DB of MAC entries.

In order to configure the Windows server (2003 or 2008?) to assign the dynamic VLAN you need to define the Remote Access Policies and create the custom attributes. For example:

  1. Tunnel-Medium-Type. Select a value appropriate to the previous selections you have made for the policy. For example, if the network policy you are configuring is a wireless policy, select Value: 802 (Includes all 802 media plus Ethernet canonical format).
     
  2. Tunnel-Pvt-Group-ID. Enter the integer that represents the VLAN number to which group members will be assigned. 
     
  3. Tunnel-Type. Select Virtual LANs (VLAN).

You can find more information here:

Configure a Network Policy for VLANs

VLAN Attributes Used in Network Policy

802.1X Authentication Services Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

 

HTH.

 

 

 

 

New Member

Thanks Javier, nice answer.

Thanks Javier, nice answer.

 

Will try it out soon, want to use it in our new offices in December and then roll it out across our 9 sites. 

 

 

 

 

Sounds like a plan my friend

Sounds like a plan my friend.

Glad to help.

154
Views
0
Helpful
3
Replies
CreatePlease to create content