Cisco Support Community

New Member

Authenticate Users with ACS 4.0 to use specific VLAN

I have multiple wireless networks. I am building a guest wireless network. I would like to assign a guest a username and password. When the guest connects to the SSID (guest network), they are prompted for the username and password and assigned the correct guest VLAN.

I am thinking I should be able to define a unique group in ACS 4.0. The unique group will only be allowed or assigned guest vlan access. Guests to the network will be associated to the guest vlan.

I haven't been able to figure out how to associate a username account with a vlan assignment.

6 REPLIES
Cisco Employee

Re: Authenticate Users with ACS 4.0 to use specific VLAN

I think this might help you:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c9bd1.shtml

This uses the group to the vlan assignment but you can certainly assign this Guest user to a Guest Group :)

New Member

Re: Authenticate Users with ACS 4.0 to use specific VLAN

I found the document you referenced earlier. I have read it again and researched a little more. The ACS options the doc references are available in ACS v4.1. I am running v4.0. Options such as Cisco Airspace Radius and Aironet Radius are not available in v4.0.

v4.0 has Cisco IOS Radius Attributes (sub category - cisco-av-pair) and IETF Radius attributes. There are others but I can't help but think these categories might be used to solve my problem.

Cisco Employee

Re: Authenticate Users with ACS 4.0 to use specific VLAN

I believe that as long as you use Radius IETF you will be ok with using this link. Why don't you give it a shot?

New Member

Re: Authenticate Users with ACS 4.0 to use specific VLAN

I am not sure where or how to add the vlan assignment request. There are a number of different options under the IETF section. I have attached a cut/paste of the options.

Cisco Employee

Re: Authenticate Users with ACS 4.0 to use specific VLAN

Ok, I think I did not explain myself.

ACS uses a type of radius to define its aaa client; in the case of using a wireless controller, you would typically define the Aironet Radius type. This will enable you some of the wireless attributes. Now since your ACS does not support and contain the Aironet Wireless Radius Attributes, first you would need to define your AAA client (access point or wireless controller) with the IETF Radius client attributes.

Then using Cisco Vendor Specific Attributes you can define Vlan type and all of the attributes that the document uses.

If this is too complex or confusing, you can always contact the TAC to get assistance on this.
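The thread never names the IETF attributes that carry a VLAN assignment. As an added example (not part of any reply here and not Cisco's code), the Python below encodes and checks the RFC 3580 tunnel attribute triplet (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) that standards-based RADIUS VLAN assignment uses. That ACS 4.0 and the controller honor these attributes is an assumption, and VLAN 30 is a made-up guest VLAN ID.

```python
import struct

# IETF attribute numbers (RFC 2868) and the VLAN values from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_id):
    """Build the three untagged attribute TLVs that assign vlan_id."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    def tagged_int(attr, value):
        # type, length 6, tag octet 0x00, 24-bit value
        return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")
    group = str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TT_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)) + group)

def parse_attrs(blob):
    """Split an attribute region into (type, value) pairs; reject bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("bad attribute length")
        out.append((attr, blob[i + 2:i + length]))
        i += length
    return out

def assigned_vlan(blob):
    """Return the VLAN ID the attributes assign, or None if the set is incomplete."""
    first = {}
    for attr, value in parse_attrs(blob):
        first.setdefault(attr, value)
    tt, tmt = first.get(TUNNEL_TYPE), first.get(TUNNEL_MEDIUM_TYPE)
    gid = first.get(TUNNEL_PRIVATE_GROUP_ID)
    if not (tt and tmt and gid) or len(tt) != 4 or len(tmt) != 4:
        return None
    if int.from_bytes(tt[1:], "big") != TT_VLAN or int.from_bytes(tmt[1:], "big") != TMT_IEEE_802:
        return None
    if gid[0] <= 0x1F:  # a leading octet of 0x1F or less is a tag, not data
        gid = gid[1:]
    if not gid.isdigit():  # this check accepts numeric VLAN IDs only
        return None
    vlan = int(gid.decode("ascii"))
    return vlan if 1 <= vlan <= 4094 else None

# Constructed sample: attributes for a guest group mapped to VLAN 30 (made-up ID).
GUEST_ACCEPT_ATTRS = encode_vlan_attrs(30)
```

`assigned_vlan` returns `None` when any of the three attributes is missing or carries a non-VLAN value, so a test harness can flag a guest Access-Accept that would not place the client in the intended VLAN.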

New Member

Re: Authenticate Users with ACS 4.0 to use specific VLAN

Thanks for the help. I should (and will) probably open a case.
