Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ACS + quarantine VLAN

Hello together

We have in our company two cisco ACS servers for the WLAN authentication via RADIUS. The User-Management is on a Microsoft Windows Server 2003 Active Directory Domain. All Access-Ports are on layer 2 (2960) switchs. The backbone consists of 4507 devices. All uplinks are layer 3 connections. Each 4507 is VTP-Server for the access switchs. So it?s impossible to crate a VLAN over more than 1 core switch. Now to my question. I want to create a quarantine VLAN for all devices which are not registered in the AD or on an other database e.x. ACS. The quarantine VLAN should have only internet access. Guests can authenticate on the ACS Server with an account to access to the LAN. Are these features possible with ACS servers? Are there any document with more information and instructions? Thank you for your help.


Re: Cisco ACS + quarantine VLAN

Look into dot1x authentication. Fore internet access only you'll need to get creative with Policy based routing/ACL's.

HTH and please rate.

New Member

Re: Cisco ACS + quarantine VLAN

Thank you for your answer. I think there are some problems with IEEE 802.1x authentication. For example: If a port is in the unauthorised state no traffic is allowed excepting 802.1x frames. If I use EAP a PXE boot is impossible because no user is logged in at the workstation at the boot time.

Thank you.

CreatePlease login to create content