802.1x dynamic vlan

SOLVED
markboh
Conversationalist


Hey guys,

Is it possible to configure a dynamic VLAN allocation via RADIUS for wired clients? If I configure an SSID on my access points, I have the option "RADIUS override" to get the VLAN ID from my RADIUS server. On my MS120 I can't find such an option. Do you know if the "RADIUS override" option (or something similar) is configurable for wired ports on an MS switch?

Thanks,

Mark

ww
Kind of a big deal
markboh
Conversationalist

Thanks for your help. It wasn't clear to me that this function is automatically enabled. I will give it a try 😉

Reference URL topic removed

Hi,

Looks like the posted link isn't available anymore?! 😐

Maybe somebody can help and share one that works?

Thanks in advance and kind regards

Hi all,

You can find information on this link:

https://documentation.meraki.com/MS/Access_Control/MS_Switch_Access_Policies_(802.1X)

Specifically for this post:

Dynamic VLAN Assignment
In lieu of CoA, MS switches can still dynamically assign a VLAN to a device by assigning the VLAN passed in the Tunnel-Pvt-Group-ID attribute. It may be necessary to perform dynamic VLAN assignment on a per computer or per user basis. This can be done on your wired network via 802.1x authentication (RADIUS). In order to do so, the following RADIUS attributes must be configured and passed in the RADIUS Access-Accept message from the RADIUS server.

  • Tunnel-Medium-Type: Choose 802 (Includes all 802 media plus Ethernet canonical format) for the Attribute value Commonly used for 802.1X.
  • Tunnel-Private-Group-ID: Choose String and enter the VLAN desired (ex. "500"). This string will specify the VLAN ID 500.
  • Tunnel-Type: Choose Attribute value Commonly used for 802.1X and select Virtual LANs (VLANs).

Once these attributes are configured on the RADIUS server, client devices can receive their VLAN assignment dynamically.

For more information on how to configure with NPS, visit Microsoft's article on Configuring a Network Policy for VLANs.

Dynamic VLAN Assignment is not supported on the voice VLAN/domain.
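
As an added example (not part of the original thread or of Meraki's documentation): a Python check that a RADIUS Access-Accept carries the three attributes listed above, using the values RFC 3580 defines for VLAN assignment (Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802). The sample packets are constructed and the function names are illustrative; it assumes a numeric VLAN ID and does not verify the Response Authenticator.

```python
import struct

# Attribute numbers from RFC 2868; values for VLAN assignment from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802, ACCESS_ACCEPT = 13, 6, 2

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: raw value} from a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])  # keep first instance
        pos += a_len
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type and Tunnel-Medium-Type carry a tag byte, then a 3-byte integer."""
    return int.from_bytes(value[1:4], "big") if len(value) == 4 else -1

def assigned_vlan(packet: bytes):
    """Return the VLAN ID only if all three attributes are present and valid."""
    attrs = parse_attributes(packet)
    if tagged_int(attrs.get(TUNNEL_TYPE, b"")) != TYPE_VLAN:
        return None
    if tagged_int(attrs.get(TUNNEL_MEDIUM_TYPE, b"")) != MEDIUM_IEEE_802:
        return None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if group and group[0] <= 0x1F:  # optional tag byte precedes the string
        group = group[1:]
    text = group.decode("ascii", "replace")
    return int(text) if text.isdigit() and 1 <= int(text) <= 4094 else None

def attr(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value

def build_accept(attrs: bytes) -> bytes:
    """Constructed sample packet; the authenticator is zeroed, not a real one."""
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

# Constructed samples: one complete reply for VLAN 500, one missing Tunnel-Medium-Type.
GOOD = build_accept(attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"500"))
NO_MEDIUM = build_accept(attr(64, b"\x00\x00\x00\x0d") + attr(81, b"500"))
```

`assigned_vlan(GOOD)` returns 500, while `assigned_vlan(NO_MEDIUM)` returns `None` because one of the three attributes is absent.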

So it isn't necessary to enable CoA for the dynamic VLAN assignment to work, correct? If so, why does this option then exist, and where/when should or could it be used?
