RE: dot1x authentication with vlan assignment

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Thu Aug 12 2004 - 05:58:47 GMT-3


Geert,
        Here are the RADIUS attributes that need to be enabled:

[64] Tunnel-Type
[65] Tunnel-Medium-Type
[81] Tunnel-Private-Group-ID

        If you are using Cisco ACS, you will need to enable the above
RADIUS attributes under "Interface Configuration --> RADIUS (IETF)".
You will see the option to enable them on a single user or group basis.
Once these are enabled, go to the particular user or group and for
Tunnel-Type Tag1 select "VLAN" from the dropdown menu. For
Tunnel-Medium-Type Tag1 select "802" from the dropdown menu. Lastly for
Tunnel-Private-Group-ID Tag1 type in the VLAN name. As a side note, the
VLAN name is case sensitive.

        Be sure to enable "aaa authorization network default group
radius" to allow the VLAN to be dynamically assigned.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
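
The three attributes above as they travel in a RADIUS Access-Accept, as an added example that is not part of the original message or of Cisco ACS. It encodes them in the RFC 2868 tagged layout and checks a reply for the RFC 3580 values (13 for VLAN, 6 for 802) and an exact, case-sensitive VLAN name match; the function names and sample VLAN names are assumptions made for this example.

```python
import struct

# Attribute numbers from the post; 13 and 6 are the RFC 3580 values that the
# "VLAN" and "802" dropdown entries stand for.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def encode_vlan_attrs(vlan_name, tag=1):
    """Encode the three tagged attributes (RFC 2868 layout) for an Access-Accept."""
    name = vlan_name.encode("ascii")
    out = b""
    for attr, value in ((TUNNEL_TYPE, VLAN), (TUNNEL_MEDIUM_TYPE, IEEE_802)):
        out += struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    return out + struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(name), tag) + name

def parse_attrs(data):
    """Split a RADIUS attribute list into {type: value bytes}, rejecting bad lengths."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def check_vlan_assignment(data, switch_vlans):
    """Return a list of problems; an empty list means the reply is usable."""
    attrs, problems = parse_attrs(data), []
    for attr, want, label in ((TUNNEL_TYPE, VLAN, "Tunnel-Type"),
                              (TUNNEL_MEDIUM_TYPE, IEEE_802, "Tunnel-Medium-Type")):
        raw = attrs.get(attr)
        if raw is None:
            problems.append("[%d] %s missing" % (attr, label))
        elif len(raw) != 4 or int.from_bytes(raw[1:], "big") != want:
            problems.append("[%d] %s is not %d" % (attr, label, want))
    raw = attrs.get(TUNNEL_PRIVATE_GROUP_ID)
    if not raw:
        problems.append("[81] Tunnel-Private-Group-ID missing")
    else:
        # A first byte <= 0x1F is the tag; anything larger is already part of the name.
        name = (raw[1:] if raw[0] <= 0x1F else raw).decode("ascii", "replace")
        if name not in switch_vlans:  # exact match: VLAN names are case sensitive
            problems.append("[81] VLAN name %r not defined on the switch" % name)
    return problems

# Constructed sample data: the VLAN names are made up for this example.
SWITCH_VLANS = {"Engineering", "Guest"}
GOOD = encode_vlan_attrs("Engineering")
WRONG_CASE = encode_vlan_attrs("engineering")
```
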

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Geert Nijs
Sent: Thursday, August 12, 2004 1:08 AM
To: ccielab@groupstudy.com
Subject: dot1x authentication with vlan assignment

Does anyone know some GOOD documentation about this? And how to set it
up using Cisco ACS...

I have looked in the doc CD, but documentation is limited to:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/sw8021x.htm#wp1095811
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12120ea2/3550scg/swauthen.htm#wp1091725

Geert Nijs
Service Engineer
Networks Lan/Wan
CCIE #13729, HPCP, MCP



This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:42 GMT-3