Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Assigning a VLAN to an AD authenticated 802.1x user/computer

How do I configure our ACS 4.0 server (and 2950 switch) to assign an 802.1x authenticated user to a specific vlan based on the AD group that the user is a member of in the Windows Domain?

Example, Joe.Schmoe is an AD member of the group 'Sales' which is defined as well in the ACS under External user DB, DB Group Mappings, Windows DB, Domain Configs, NT Groups. How can I configure the ACS to assign Joe's 802.1x authenticated switchport to be assigned to a specific vlan?

1 REPLY
Bronze

Re: Assigning a VLAN to an AD authenticated 802.1x user/computer

Hi,

One of the ways this can be done is by utilizing the Network Access Profiles features.

Have a look at http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e984.html for more details on how to configure one. VLAN Assignment is done in the authorization section. Remember you need to configure the 2950 to do authorization as well for the VLAN assignment to work!

Although this document describes NAC as well, the NAC bits are optional!

Regards,

Erik

139
Views
0
Helpful
1
Replies
CreatePlease to create content