Aruba & ProVision-based

If 802.1X authenticated, use specific VLAN. If not authenticated, use static VLAN configuration

 
ariiba
Regular Visitor

Hello.
Is it possible to configure a switch with 802.1X authentication to do the following:
If the computer is authenticated, it shall be assigned a specific existing VLAN on the switch; if not, it shall use the static VLAN configuration on that port.

 

4 REPLIES
TerjeAFK
Respected Contributor

Something like this if you're using RADIUS for authentication.

#Set selected authentication mode
aaa authentication port-access eap-radius server-group "Radius"

#Configure specified ports for authentication
aaa port-access authenticator 1-24

#Assign unauthenticated client VLAN to authenticator ports
aaa port-access authenticator 1-24 unauth-vid 2

#Assign authenticated client VLAN to authenticator ports
aaa port-access authenticator 1-24 auth-vid 3

#Activate authentication on assigned ports with configured options
aaa port-access authenticator active

 

ariiba
Regular Visitor

Thanks for replying.
I forgot to say that I use a RADIUS server.

Won't your example place unauthenticated clients in VLAN 2?
I want unauthenticated clients to use the static VLAN already set on that port.

I only want authenticated clients to be assigned VLAN X.

TerjeAFK
Respected Contributor

If that is what you want then just remove the "aaa port-access authenticator 1-24 unauth-vid 2" command, and use normal untag commands for the ports.

 

ariiba
Regular Visitor

Changing the VLAN automatically for the trusted computer works; however, an untrusted one gets blocked by AAA.
As I mentioned before, I want the untrusted computer to fall back to the static untagged configuration on the switch.
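
Added example, not part of the thread and not vendor code: a small Python audit that reads a saved switch configuration and lists the authenticator ports that have no unauth-vid, which are the ports where, as the last post reports, an unauthenticated client ends up blocked. The sample configuration is constructed from the commands in the reply above (the 1-12 / 13-24 split is hypothetical), and only numeric port names such as 1-24 are handled.

```python
import re

# Constructed sample: the commands from the reply above, with unauth-vid
# applied to ports 1-12 only (hypothetical split, for illustration).
SAMPLE_CONFIG = """\
aaa authentication port-access eap-radius server-group "Radius"
aaa port-access authenticator 1-24
aaa port-access authenticator 1-12 unauth-vid 2
aaa port-access authenticator 1-24 auth-vid 3
aaa port-access authenticator active
"""

PORTS = r"\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*"   # e.g. 1-24 or 1,3,5-7
LINE_RE = re.compile(
    r"^aaa port-access authenticator (?P<ports>" + PORTS + r")"
    r"(?: (?P<opt>auth-vid|unauth-vid) (?P<vid>\d+))?$"
)

def expand_ports(spec):
    """Expand '1-12,15' into [1, ..., 12, 15] (numeric port names only)."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.extend(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Return ({port: {'auth-vid', 'unauth-vid'}}, authenticator_active)."""
    ports, active = {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "aaa port-access authenticator active":
            active = True
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # comments and unrelated commands are ignored
        for p in expand_ports(m["ports"]):
            entry = ports.setdefault(p, {"auth-vid": None, "unauth-vid": None})
            if m["opt"]:
                entry[m["opt"]] = int(m["vid"])
    return ports, active

def ports_without_unauth_vlan(config):
    """Authenticator ports with no unauth-vid, if the authenticator is active."""
    ports, active = audit(config)
    if not active:
        return []
    return sorted(p for p, e in ports.items() if e["unauth-vid"] is None)
```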