
Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Here to help


I'm trying to set up wired RADIUS auth to dynamically assign a VLAN based off of the user (for content filtering).

 

There may be a better way to do this...

 

I've managed to get the machine to authenticate but it won't let the machine access the server from the new VLAN... whenever the user logs in it cannot access the file server on the default infrastructure VLAN (1).

 

I've attached an access port policy from the switch.

 

You'll probably need more info, but I don't know what you need to know... ask away!

Here to help

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Trying to make it so that the shared PCs can be used by staff and students and have a separate policy assigned based on the user logged in. (more relaxed for staff).
Kind of a big deal

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Here to help

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Thanks for the reply. I've gone through all of these and it still isn't working... it's almost as if the access port is stopping the client machine from being able to talk to the default VLAN... it's my first time trying to get this to work...
Kind of a big deal

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Can you provide a screenshot of how you have one of the ports configured, and your access policy setup?
Nolan Herring | nolanwifi.com
Kind of a big deal

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Also, you using NPS or ISE or something else?
Nolan Herring | nolanwifi.com
Here to help

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

[Attached screenshots: Screenshot 2019-08-15 19.34.57.png, Screenshot 2019-08-15 19.35.34.png]

Here to help

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

When I log in as a student user, the machine is placed in VLAN 40 (student VLAN).
Kind of a big deal

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

How do you have your RADIUS side set up?
Nolan Herring | nolanwifi.com
Here to help

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Kind of a big deal

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

Does the switch report the user is being placed in the correct VLAN?  If so - that is the end of that part of the puzzle.

 

The next question is what is doing the inter-VLAN routing for the two VLANs?  Do they have any access rules limiting the traffic?

Here to help

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

It doesn't report the user... it reports the machine name but it is in the correct VLAN...

 

I haven't set any explicit rules to block anything, I wasn't sure if something was blocked automatically or how to stop it from being blocked...

Kind of a big deal

Re: Wired Authentication via RADIUS for Dynamic VLAN tagging based on user logged in

The new VLAN has a Layer 3 interface?
