Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.1 and dynamic VLAN assignment

I have installed ACS 5.1 in a test environment and would like to assign data- and voice-vlans dynamically. Currently I have about 60 data-vlans and even more voice-vlans.

Unfortunately I don't find neither an example nor explanations how to configure this.

Please can anyone provide infos such as either xamples, some documentations or at least a URL with the required infos.

I really appreciate very much any kind of support

Thanks in advance


Cisco Employee

Re: ACS 5.1 and dynamic VLAN assignment

Hi Roman,

You would do all this configuration under Policy Elements > Authorization and Permissions > Network Access > Authorization Profiles. You would likely need a different profile for each vlan that you want returned. The VLAN is selected on the "Common Tasks" page of each profile:

Once you have profiles configured for each vlan you want to return, edit your Access Policies and return the appropriate Authorization Policy based on whatever criteria you want (external user groups, network devices, etc).



New Member

Re: ACS 5.1 and dynamic VLAN assignment

Hi Nate,

Many thanks for your reply and sorry for not coming back earlier. I had a problem with my provider and therefore was out of service for the last few days.

In the meantime I found the solution by myself :-)

May I ask you another question:

I Have another customer running a WLC 4402/ ACS 5.1 to connect MACs wireless to the network. He is running 2 SSIDS (CASSIOPEIA, POLLUX) to separate the VLANs (CASSIOPEIA = VLAN_ID 25 for students, POLLUX 0 VLAN_ID 26 for teachers).

Now we would like to separate teachers and students using 802.1x. I tried several configs but unfortunately none of them worked correctly.

Can you give me some hints and tipps how to configure this szenario on the WLC as well as on the ACS ?

I really appreciate your support and thanks very much in advance


New Member

Re: ACS 5.1 and dynamic VLAN assignment

Hi rhub

I have installed ACS 5.1 and successfully integrate it with active directory. I have used EAP (PEAP) with EAP (MSCHAP V2) and active directory users are successfully authenticated through ACS 5.1.

To Move further i need to configure the following things.

Dynamic VLAN assignment according to the users.

Condition 1:If guest will need to use company environment, on authentication it will be move in guest Vlan.

Condition 2:If user are not performed successful authentication it will be moved in auth-fail vlan.

Please Guide me in how we achive as i read in your last post you have successfuly complete this configuration with ACS 5.1.

Please note i am deploying 802.1X port based authentication.