Solved: vlan depend on user account

Amr Ibrahim Ali Henedi · ‎04-27-2014

i`m asking, is possible to assign the vlan depend on user account

i have a lot of sub nets and i need to link between user account and vlan,

the current solution is to divide the vlan on switches

Wassim Aouadi · ‎04-27-2014

I think you can use an ACS and the group membership feature. Search for Dynamic Vlan Assignment.

The idea is to map Windows groups (or Active Directory groups) to ACS groups. Whenever a user account logs in and is part of Windows_group_A, ACS will assign it to ACS_group_A, which has VLAN X assigned to it.

Check this link it may help

---

Please rate helpful posts

View solution in original post

Wassim Aouadi · ‎04-27-2014

I think you can use an ACS and the group membership feature. Search for Dynamic Vlan Assignment.

The idea is to map Windows groups (or Active Directory groups) to ACS groups. Whenever a user account logs in and is part of Windows_group_A, ACS will assign it to ACS_group_A, which has VLAN X assigned to it.

Check this link it may help

---

Please rate helpful posts

schaef350 · ‎06-02-2014

You can do this with Windows server and NPS server. Here are some attributes you can send over from NPS server to make this happen:

http://technet.microsoft.com/en-us/library/cc754422%28v=ws.10%29.aspx

Also, you will need the switches configured like this as well:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/sw8021x.html#wp1207975

I hope that helps. Its certainly not a simple undertaking when using 802.1x but that is the best way to do it by user.

Be user to rate if this is helpful!

- Be sure to rate all helpful posts

Leo Laohoo · ‎06-02-2014

It's called 802.1x. And this is very much dependent on your LAN infrastructure. For example, don't expect 802.1x to work if you have 2950 switches.