Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Assign building-specific VLAN via 802.1X vlan assignment

Hi all

We plan to implement 802.1X. We have several departments. Each department is using several VLANs, depending on which building the machine is.

If a machine/user from department A connects in building A, it should receive VLAN 10 via 802.1X vlan assignment. If the same machine/user connects in building B, it should receive VLAN 20.

Is this possible with 802.1X vlan assignment?

Many thanks

regards

Stefan

2 REPLIES
Silver

Re: Assign building-specific VLAN via 802.1X vlan assignment

I think it is possible.For this, the authentication should be based on the user, not based on the VLAN he connects. For detailed information on configuring IEEE802.1x port based authentication on switches, you can view the following URL

http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a0080476298.html

Let me know, if you have any further doubts on this.

New Member

Re: Assign building-specific VLAN via 802.1X vlan assignment

Stefan- It is possible if you use the VLAN name instead of the vlan #. That means you will just have to be consistent with your Vlan names for each location. So lets say you set up authenticated users to go to the "AuthUser" vlan. On your switches you would set up:

AuthUser=vlan 10 in Bldg A

AuthUser=vlan 20 in Bldg B

etc...

Just know that if someone unknowingly changes the vlan name on the switch that it will break dot1x, so make sure your fellow engineers know the significance of the name.

Good luck with your implementation!

147
Views
0
Helpful
2
Replies
CreatePlease to create content