07-03-2013 07:48 AM
I'm trying to figure out how to dynamically assign a VLAN to a user connecting via an Ethernet port on an AP-93H (controller managed), and I'm struggling a bit.
I'm trying to mimic what happens on our switch ports, that is: a user plugs in, and if their device doesn't try and authenticate using 802.1X it falls back to transparent MAC auth and drops them onto a VLAN that contains a captive portal that presents setup instructions for configuring 802.1X - if it does 802.1X authenticate successfully, then the RADIUS server returns a VLAN depending on where the connection has originated.
In the wired-ap profile it seems I have to select either an access or trunk VLAN - I can't leave it blank and let RADIUS assign it. Is there an option somewhere that enables this? Is there any documentation that relates to what I'm trying to do that someone could point me at?
Lastly, if there's someone who has already done this, would you mind sharing the relevant bits of your config with me?
07-03-2013 05:04 PM
You'd need the port set as Trunk with any potential VLANs for the clients allowed on the trunk. Then, through the AAA profile assigned to the port, you'll assign MAC Server Group and Default MAC Authentication Role (and a VLAN and Captive Portal profile assigned to the role) as well as an 802.1X Server Group and Default 802.1X Authenticated role, which RADIUS can assign a VLAN to.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
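Added example, not part of the original thread and not a config taken from either poster: a sketch of the setup described in the reply above, assuming ArubaOS 6.x controller CLI syntax. Every profile, role and server-group name and every VLAN ID is a constructed placeholder; check the command forms against the CLI reference for your release.

```text
! Role for devices that only pass MAC auth: setup VLAN + captive portal.
! "cp-setup" is a placeholder captive-portal profile defined elsewhere.
user-role "wired-setup"
   vlan 30
   captive-portal "cp-setup"
!
! Default role after successful 802.1X. The VLAN set here is only a
! fallback; a VLAN returned by RADIUS is meant to override it.
user-role "wired-dot1x"
   vlan 10
!
! AAA profile: MAC auth and 802.1X each get a server group and default role.
! "radius-grp" is a placeholder server group.
aaa profile "wired-port-aaa"
   authentication-mac "default"
   mac-default-role "wired-setup"
   mac-server-group "radius-grp"
   authentication-dot1x "default"
   dot1x-default-role "wired-dot1x"
   dot1x-server-group "radius-grp"
!
! Wired port as a trunk. Every VLAN a client could land on (setup VLAN 30
! plus each VLAN RADIUS may return, here 10 and 20) must be allowed.
ap wired-ap-profile "ap93h-wired"
   wired-ap-enable
   switchport mode trunk
   switchport trunk native vlan 1
   switchport trunk allowed vlan 1,10,20,30
   no trusted
!
! Bind the wired-ap profile and the AAA profile to the port.
ap wired-port-profile "ap93h-port"
   wired-ap-profile "ap93h-wired"
   aaa-profile "wired-port-aaa"
```

The port stays untrusted so that the AAA profile is applied to clients; a VLAN handed back by RADIUS that is missing from the allowed list will leave the client without connectivity even though authentication succeeds.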
08-06-2014 07:02 AM
I am not able to get the switch ports to talk to the Clearpass server when I plug in a port. I can see the failures in Clearpass if I do an auth test from the diag tab. Any way you could send me a "cookbook" of what I need to configure on the switch to allow port authentication to Clearpass to work? Let me know.
08-06-2014 07:04 AM
08-06-2014 07:27 AM