Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How does Radius work when trying to assign VLANs and ACL?

Hello and thanks for reading this post.

I have a small network that has a Cisco Switch for 24 connections, a Cisco router to mediate trafic between VLANS and VPN access from the Internet and other networks to the local network. And have an wireless AP. Router connects trunk to the switch, the AP connects to the switch.

I been requested to configure Radius security. I thought of segmenting the network on vlans and grant access between them acording to the user credentials (Router rules).

I am using a Windows Server NPS as the Radius Server.

Then I want to control access with Radius if you connect to the AP, the Switch, or the Router from Internet. 

Say I have 3 Vlans 1,2,3 and got users that have user groups that can access differents VLANS:

Goup 1 access VLAN 1 and 2

Goup 2 access VLAN 1 

Goup 3 access VLAN 1 and 3

Goup 4 access VLAN 1,2 and 3


I think that if a user connect to the AP I can asign a VPN but how do I apply the router ACL that will connect/limit the traffic of the user with the other VLANs. 

Same question comming from the switch.

¿Or the user is validated in each network device so that each device applies the expected rules (VLAN assignament and router ACL) for the user. This means the user has to make many Radius validations to navigate the network?

If the Domain user i the one requested by the Radius and my machine is connected to the Domain, Will Radius make the authentication without prompting the user?

Another doubt: ¿Is there a way to use Radius to limit user access to certain machines in the same VLAN, say a server?

Thanks for any answer or help on this issues that I am having trouble to find answers to.


Everyone's tags (1)
CreatePlease login to create content