Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How to supersede machines VLAN assigned by 802.1x

Hi,

I'm working in a NAC lab where I wish assign a VLAN via 802.1x during machine boot using machine authentication only in CTA. After that when an user logs into that machine I want to assign an user based VLAN even thought switch port is already authorized. Is there any solution for that?

Thanks in advanced,

Alberto

5 REPLIES
New Member

Re: How to supersede machines VLAN assigned by 802.1x

Hi Alberto,

Yes. You can do that with Cisco ACS. Firstly add the computer name registered in the AD domain into a group. Map the group in ACS and user in another group. Follow the user guide on how to assign dynamic vlan and you should be able to get it to work.

My problem is without machine authentication but allow user to logon first time on the machine. It seem in ACS, the user need to have his credential cached locally before he can logon into the network. Anyone able to overcome it?

Thx.

Cheers,

Phoon

New Member

Re: How to supersede machines VLAN assigned by 802.1x

Phoon,

I think that might work with 802.1x native Windows supplicant, however I have been deploying 802.1x supplicant version of CTA. After a successful posture validation I'm not being able to supersede healthy VLAN with the machine VLAN nor supersede healthy VLAN with user VLAN. In ACS Reports and Activity I can see both machine and users are being successfully authenticated but their profiled VLAN are not being used. Any ideia?

Thanks,

New Member

Re: How to supersede machines VLAN assigned by 802.1x

Hi Alberto,

It definitely works on native Windows as I have it in production. I'm not familiar with CTA but I thought it should work on the same principle. I suggest you first test out on pure Windows XP supplicant to confirm the VLAN assignment is working. After that read carefully on the CTA part and whether XP setting is required.

My two cent's thought.

Cheers,

Phoon

New Member

Re: How to supersede machines VLAN assigned by 802.1x

Phoon,

I will follow you advices. Any good news I will get in touch.

Thank you very much,

Alberto

New Member

Re: How to supersede machines VLAN assigned by 802.1x

Thanks. Plse rate accordingly whether the suggestion is workable.

Cheers,

Phoon

190
Views
3
Helpful
5
Replies
CreatePlease to create content