Cisco Support Community
New Member

802.1x Win supplicant + NAC-L2-IP != VLAN ?

Hi,

Does anyone have an idea how to "activate" VLANs when using the Windows supplicant for 802.1x and NAC-L2-IP?

I know that normally NAC-L2-IP doesn't support VLANs, but maybe someone has figured out a method?

with regards

harry

2 REPLIES
New Member

Re: 802.1x Win supplicant + NAC-L2-IP != VLAN ?

Hi Harry

Could you please describe your setup a bit more?

I don't know if this answers your question but:

When using switch and 802.1x supplicant you can define VLAN per group or per user on the RADIUS server.

You will need to configure the following on the RADIUS server:

- "Tunnel Medium Type" = 802

- "Tunnel Type" = VLAN

- "Tunnel-Pvt-Group ID" = **NAME of the VLAN - Not Number**

Works with both IAS and ACS and the built-in 802.1x supplicant in XP.

This though I've only used in L2 networks (switches).

Greetings

Jarle
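An added example, not part of the original posts: a Python check that a RADIUS Access-Accept attribute list carries all three attributes listed in the reply above, so a switch can apply the VLAN. The attribute numbers (64, 65, 81) and values (VLAN = 13, IEEE-802 = 6) are taken from RFC 2868/RFC 3580; the function names and the VLAN name `PRODUCTION` are constructed for illustration.

```python
import struct

# RADIUS attribute numbers and values (RFC 2868 / RFC 3580).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6


def encode_vlan_attrs(vlan_name, tag=0):
    """Encode the three attributes as they appear in an Access-Accept."""
    def tagged_int(attr, value):
        # Layout: type, length=6, tag, 24-bit value
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    # The tag byte is optional on the group ID; emit it only when non-zero.
    body = (bytes([tag]) if tag else b"") + vlan_name.encode("ascii")
    group = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)) + body
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802) + group)


def parse_attrs(data):
    """Split a RADIUS attribute list into (type, value-bytes) pairs."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        out.append((attr, data[i + 2:i + length]))
        i += length
    return out


def assigned_vlan(data):
    """Return the VLAN string if all three attributes are valid, else None."""
    tunnel_type = medium = group = None
    for attr, val in parse_attrs(data):
        if attr == TUNNEL_TYPE and len(val) == 4:
            tunnel_type = int.from_bytes(val[1:], "big")
        elif attr == TUNNEL_MEDIUM_TYPE and len(val) == 4:
            medium = int.from_bytes(val[1:], "big")
        elif attr == TUNNEL_PRIVATE_GROUP_ID and val:
            # A first byte <= 0x1F is treated as a tag (assumption for 0x00);
            # anything higher is the first character of the string.
            group = (val[1:] if val[0] <= 0x1F else val).decode("ascii")
    if tunnel_type == TYPE_VLAN and medium == MEDIUM_IEEE_802 and group:
        return group
    return None
```

If any one of the three attributes is missing or carries another value, `assigned_vlan` returns `None`, which corresponds to the port staying in its default VLAN.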

New Member

Re: 802.1x Win supplicant + NAC-L2-IP != VLAN ?

Hi Jarle,

Thanks for your answer.

Your method is correct and will work if you only implement 802.1x.

But in my case, I will do NAC-L2-IP after 802.1x.

Example:

802.1x is fulfilled and the switch puts me in the quarantine VLAN. (Quarantine because there was no posture validation yet.)

Now the client is doing NAC-L2-IP.

The problem is, I can't change the VLAN after a healthy posture validation, because NAC-L2-IP doesn't support VLANs.

So it doesn't matter if the client is healthy or not, I can't put him into my production VLAN.

It works with the CTA including the supplicant, but I want to find a method for Windows supplicant and CTA.

best regards

harry
