Switches, Hubs, and Modems
Showing results for 
Search instead for 
Did you mean: 

dynamic vlan assignment via 802.1x

Go to solution
Mike Tupker

dynamic vlan assignment via 802.1x

i'm trying to setup port based authentication in a lab environment. I seem to have everything working (PKI, IAS 2003, provurve 2524, AD). I have one lingering question. Everything I've been looking at so far seems to indicate that the extent of the vlan assignment abilities are either authenticated or unauthenticated. In other words, it seems that there are only one or two vlans that can be used with port based authentication.

I would like to setup a guest vlan for un-authenticated user, and I would like the authenticated users to be assigned to a vlan based on securtiy group. For example, admissions should go to vlan 4, factulty should go to vlan 3, IT should go to vlan 7. Is this sort of thing possible, or do can I only use two vlans when it comes to 802.1x.

Thanks in advance.
Jeff Carrell
Honored Contributor

Re: dynamic vlan assignment via 802.1x

you can certainly have auto-vlan assignment via radius config parms and the switch upon a successful auth...

however, it requires 3 radius attributes to be configured for each radius profile you config (admin, faculty, etc)...

see this section for some of the info:

the 3 radius attributes to set in each radius profile are:

Tunnel-Pvt-Group-ID - you config a dec value for the vlan number

these are set under the advanced tab of the radius profile you are editing...

here is another good ref for the microsoft side of the config:

Mike Tupker

Re: dynamic vlan assignment via 802.1x

That worked great! Thanks.