802.1x - Dynamic VLAN assignment?

latintrpt
Getting noticed

802.1x - Dynamic VLAN assignment?

Hi there,

 

I have a requirement that I need to meet where if I have a client that plugs into the wired network, that they are placed on the correct VLAN based off their MAC address, certificate, or the OUI of their MAC address.  I have MS250-48FP switches that these devices will be plugging into.  There is another tech that will be working on the radius side of things, but I was wondering if this was possible on Meraki and if I need to do anything on Meraki side to get this to work.

 

Thanks,

3 Replies 3
ww
Kind of a big deal
Kind of a big deal

You need to configure a switch access policy. And assign that to the switchports  that need 802.1x

 

Documentation 

 

latintrpt
Getting noticed

Thank you.

 

Which access policy type would be most relevant for my situation of wanting to authenticate based on MAC address and certificates?

 

 

Brash
Kind of a big deal
Kind of a big deal

You'll want to build an access policy that uses RADIUS and 802.1x.

For all the other configurables, have a look at the doc @ww provided and make a call on what suites your environment best.

 

As for the auth based on device certificate and MAC address, those policies are configured on the RADIUS server as it will be performing the checks. It will then return and pass or fail, along with the corresponding vlan attribute for that device to be placed in.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels