Cisco Support Community
New Member

Dot1x Tunnel-Private-Group-Id ACS4.0 with Wireless and Wired Users

Hi All,

We are running ACS Version 4.0 and currently use the Tunnel-Private-Group-Id function with our wireless network using 802.1x.

Now we are exploring the possibility of using dot1x with Wired users, but we have the problem that if we do try to authenticate the user, they are thrown into the Wireless VLAN.

My question is, is there any way of having more than one Tunnel-Private-Group-Id field? Or has anyone got any other suggestions?

Thanks,

Michael

4 REPLIES
Anonymous
N/A

Re: Dot1x Tunnel-Private-Group-Id ACS4.0 with Wireless and Wired

You can have more than one Tunnel-Private-Group-Id field because there are several tags possible in ACS. The problem is however that most Cisco Switches only support the first tag. I'm not quite sure about this but I've read it somewhere ...

New Member

Re: Dot1x Tunnel-Private-Group-Id ACS4.0 with Wireless and Wired

Hi, I have found how to do that now. I guess my next question is how to differentiate between TAGS?

Any idea?

Silver

Re: Dot1x Tunnel-Private-Group-Id ACS4.0 with Wireless and Wired

Not sure this helps... but the Tunnel-Preference attribute allows you to set relative priorities for each tag (look it up to see if 0 is high or low - can't remember)

However, you should perhaps be using a NAP to distinguish between wired and wireless LANs. This way you don't need to provision both services from the same group. Instead you create a RADIUS Auth Component for each service.

Darran
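An added example, not code from anyone in this thread: how the tag octet defined in RFC 2868 ties each Tunnel-Private-Group-Id to its own Tunnel-Type, Tunnel-Medium-Type and Tunnel-Preference, and how a receiver can rank the resulting tunnels (RFC 2868 gives the numerically lowest Tunnel-Preference the highest preference). The VLAN names "20" and "30" and the preference values are constructed sample data; whether a particular switch or ACS release honours more than one tag is not something this sketch shows.

```python
from collections import defaultdict

# RADIUS attribute type codes from RFC 2868
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE = 64, 65
TUNNEL_PRIVATE_GROUP_ID, TUNNEL_PREFERENCE = 81, 83
INT_FIELDS = {TUNNEL_TYPE: "type", TUNNEL_MEDIUM_TYPE: "medium",
              TUNNEL_PREFERENCE: "preference"}

def attr(type_code, tag, value):
    """Encode one tagged attribute: type, length, tag, value."""
    body = bytes([tag]) + value
    return bytes([type_code, len(body) + 2]) + body

def group_by_tag(attrs):
    """Parse an attribute list into {tag: {field: value}}."""
    tunnels, i = defaultdict(dict), 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 3 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        type_code, length = attrs[i], attrs[i + 1]
        body, i = attrs[i + 2:i + length], i + length
        # First octet is a tag only when 0x01..0x1F; above that, in the
        # string attribute, it is already the first character of the value.
        tag = body[0] if 0x01 <= body[0] <= 0x1F else 0
        if type_code == TUNNEL_PRIVATE_GROUP_ID:
            text = body if body[0] > 0x1F else body[1:]
            tunnels[tag]["group_id"] = text.decode("ascii")
        elif type_code in INT_FIELDS:
            if len(body) != 4:
                raise ValueError("integer tunnel attribute must be 6 octets")
            tunnels[tag][INT_FIELDS[type_code]] = int.from_bytes(body[1:], "big")
    return dict(tunnels)

def preferred(tunnels):
    """Return (tag, fields) of the tunnel with the lowest Tunnel-Preference."""
    ranked = [(t, f) for t, f in tunnels.items() if "preference" in f]
    return min(ranked, key=lambda tf: tf[1]["preference"]) if ranked else None

# Constructed sample: two VLAN tunnels as one Access-Accept might carry them.
SAMPLE = b"".join([
    attr(TUNNEL_TYPE, 1, (13).to_bytes(3, "big")),         # 13 = VLAN
    attr(TUNNEL_MEDIUM_TYPE, 1, (6).to_bytes(3, "big")),   # 6 = IEEE 802
    attr(TUNNEL_PRIVATE_GROUP_ID, 1, b"20"),
    attr(TUNNEL_PREFERENCE, 1, (10).to_bytes(3, "big")),
    attr(TUNNEL_TYPE, 2, (13).to_bytes(3, "big")),
    attr(TUNNEL_MEDIUM_TYPE, 2, (6).to_bytes(3, "big")),
    attr(TUNNEL_PRIVATE_GROUP_ID, 2, b"30"),
    attr(TUNNEL_PREFERENCE, 2, (5).to_bytes(3, "big")),
])
print(preferred(group_by_tag(SAMPLE)))
```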

Anonymous
N/A

Re: Dot1x Tunnel-Private-Group-Id ACS4.0 with Wireless and Wired
