Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

802.1x default VLAN


I am trying to set up 802.1x on a Catalyst 4006 with a Supervisor III module with IOS 12.1(12c)EW1. I am using Cisco Secure ACS 3.0(2) Build 5 for my Radius server. I'm using the Windows 2000 802.1x hotfix for my 802.1x client software. My goal is as follows:

If USER1 gets authenticated, authorize them to access VLAN 10.

If USER2 gets authenticated, authorize them to access VLAN 20.

If someone tries to logon to the network without the 802.1x Client, authorize them to access VLAN 30.

I have been able to get USER1, and USER2 onto their correct VLANs, but I have been unable to setup a default VLAN for unauthenticated/unauthorized users to be able to access. The only thing I have been able to do is Force Authorization on to VLAN 30 for all users, but then I am unable to assign USER1 or USER2 to their correct VLANS because when I turn on Force Authorization, the switch ignores the client requests for authorization, it just automatically throws them onto VLAN 30.

The reason I would like to do this is so that we can assign known users onto the VLANS we want them to access, and we want to throw unknown users onto VLAN 30. We want to allow unknown users access to the internet because we have outside venders teaching classes on our campus, and we can't be guarenteed that they will have 802.1x on their laptops, but they will still need to access the internet to teach their classes.

If more information is needed (how we have the switch configured now) or I have not been very clear in what I need, let me know. Any help would be greatly appreciated.

Jeremy Zanitsch


Re: 802.1x default VLAN

From you question I understand that you want a procedure to authenticate unknown user, may be the following URLs could give you some ideas.

CreatePlease to create content