Dynamic VLAN Assignement via ACS and Active Directory
Is it possible to manage IETF Radius Attributes for a user or a user group in a Windows Active Directory Database in the case of an installation of Cisco Secure ACS v3.2 with an externally user database (Active Directory).
My Idea is to manage only one user database (active directory) to assign a user a VLAN in Wireless technology (Radius Attributes 64,65 and 81).
What else do I have to configure in ACS (than the externally user database) or in Active Directory ?
Re: Dynamic VLAN Assignement via ACS and Active Directory
I have just had the opportunity to deploy this very scenario.
Yes, as you say, you need IETF Radius Attributes 64,65 and 81 enabled for Groups. The you need under Interface Configuration, Advanced options to makes rue that you have ticked the following:
Per User Tacacs+/Radius Attributes
User Level Network Access Restrictions#
Group Level Shared Network Access Restrictions
Group Level Network Access Restrictions
Then the 64,65, and 81 Attributes show up in the Group Setup section. Check these and then for either Tag 1 or Tag 2 (you can change the default to see more tags) choose, VLAN, 802 and then a VLAN ID number in each respective section. Do this for each VLAN group you want to deploy.
Then, External User Databases, Unknown User Policy, check external databases to verfiy your domain/s AD, then in Database group mappings, create a profile for each of your domains, assigning a particular NT/2000 user group/groups to a particular ACS group, which tne maps to a particular VLAN (the Radius attributes stuff above)
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...