
dynamic vlan assignment via 802.1x

 
SOLVED
Mike Tupker
Advisor

dynamic vlan assignment via 802.1x

I'm trying to set up port-based authentication in a lab environment. I seem to have everything working (PKI, IAS 2003, ProCurve 2524, AD). I have one lingering question. Everything I've been looking at so far seems to indicate that the extent of the VLAN assignment abilities is either authenticated or unauthenticated. In other words, it seems that there are only one or two VLANs that can be used with port-based authentication.

I would like to set up a guest VLAN for unauthenticated users, and I would like the authenticated users to be assigned to a VLAN based on security group. For example, admissions should go to VLAN 4, faculty should go to VLAN 3, IT should go to VLAN 7. Is this sort of thing possible, or can I only use two VLANs when it comes to 802.1x?

Thanks in advance.
Jeff Carrell
Honored Contributor
Solution

Re: dynamic vlan assignment via 802.1x

you can certainly have auto-vlan assignment via radius config parms and the switch upon a successful auth...

however, it requires 3 radius attributes to be configured for each radius profile you config (admin, faculty, etc)...

see this section for some of the info:
ftp://ftp.hp.com/pub/networking/software/2300-2500-RelNotes-f0560-59903102.pdf

the 3 radius attributes to set in each radius profile are:

Tunnel-Type
Tunnel-Medium-Type
Tunnel-Pvt-Group-ID - you config a dec value for the vlan number

these are set under the advanced tab of the radius profile you are editing...


here is another good ref for the microsoft side of the config:
http://www.microsoft.com/downloads/details.aspx?FamilyID=05951071-6b20-4cef-9939-47c397ffd3dd&displaylang=en


hth...jeff
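
An added example, not part of the original reply: what the three attributes look like on the wire in an Access-Accept, plus a check that a captured attribute block carries a complete, valid VLAN assignment. The attribute numbers and values (64, 65, 81; VLAN = 13, IEEE-802 = 6) come from RFC 2868 and RFC 3580; the function names are hypothetical and the group-to-VLAN map is taken from the question above.

```python
import struct

# RADIUS attribute types and values (RFC 2868 / RFC 3580)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Group-to-VLAN policy from the question in this thread
GROUP_VLAN = {"admissions": 4, "faculty": 3, "IT": 7}


def _attr(attr_type, value):
    # Type (1 octet), Length (1 octet, counts the 2-octet header), Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vlan_attributes(group, tag=0):
    """Encode the three attributes a profile for `group` must return."""
    vlan = GROUP_VLAN[group]
    return (
        # Tag octet followed by a 3-octet value
        _attr(TUNNEL_TYPE, struct.pack("!B", tag) + TYPE_VLAN.to_bytes(3, "big"))
        + _attr(TUNNEL_MEDIUM_TYPE, struct.pack("!B", tag) + MEDIUM_IEEE_802.to_bytes(3, "big"))
        # VLAN number as a decimal ASCII string
        + _attr(TUNNEL_PRIVATE_GROUP_ID, str(vlan).encode("ascii"))
    )


def parse_vlan(attrs):
    """Return the VLAN ID only if all three attributes are present and valid."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        attr_type, length = attrs[i], attrs[i + 1]
        if length < 3 or i + length > len(attrs):
            return None  # malformed attribute
        found[attr_type] = attrs[i + 2:i + length]
        i += length
    ttype = found.get(TUNNEL_TYPE, b"")
    medium = found.get(TUNNEL_MEDIUM_TYPE, b"")
    group_id = found.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if len(ttype) != 4 or int.from_bytes(ttype[1:], "big") != TYPE_VLAN:
        return None
    if len(medium) != 4 or int.from_bytes(medium[1:], "big") != MEDIUM_IEEE_802:
        return None
    if group_id[:1] and group_id[0] <= 0x1F:
        group_id = group_id[1:]  # leading octet <= 0x1F is a tag, not data
    text = group_id.decode("ascii", "replace")
    return int(text) if text.isdigit() and 1 <= int(text) <= 4094 else None
```

A `None` result from `parse_vlan` on a captured Access-Accept points at a profile with one of the three attributes missing or set to the wrong value.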
Mike Tupker
Advisor

Re: dynamic vlan assignment via 802.1x

That worked great! Thanks.