03-08-2018 02:58 AM
The client is running a 7010 Controller OS 18.104.22.168.
Their corporate network uses 802.1x Auth to radius on AD.
They want to make it so that if a mobile device auths to the radius, it must push that mobile device to a different VLAN and not go on to the corp network.
Is it possible to do that or must a person use clearpass for that?
Any help will be appreciated.
03-08-2018 03:42 AM - edited 03-08-2018 04:02 AM
There are quite a few ways to do this, depending on how your environment is set up. You can specify a VLAN within a User Role. An attribute returned from the RADIUS server to the controller can be used to determine the User Role assigned to the client. So depending on your AD structure, this may be possible.
You can also do this via DHCP fingerprinting:
You can also configure the AAA dot1x profile to assign a User Role to a client if they have passed User Authentication, Machine Authentication or both User and Machine authentication.
*edit - See p240 of the below guide. Machine Authentication Default User Role / Machine Authentication Default Machine Role
ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
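A sketch of the role-based approach described in the answer above, as an added example that is not part of the original thread or of the client's configuration. All profile, role and server-group names, the VLAN IDs and the Filter-Id value are hypothetical, and the RADIUS server `nps1` is assumed to be defined already.

```text
! Added example: every name, VLAN ID and attribute value here is hypothetical.
! Role for domain-joined machines that pass machine AND user authentication.
user-role corp-user
   vlan 100
   access-list session allowall
!
! Role for devices that pass user authentication only (phones, tablets).
! The role carries its own VLAN, keeping these clients off the corporate VLAN.
user-role mobile-devices
   vlan 200
   access-list session allowall
!
! Role for a machine that has authenticated but has no user logged on yet.
user-role machine-only
   vlan 100
   access-list session allowall
!
! Option 1: enforce machine authentication in the 802.1X profile.
! A client that passes user auth without a prior machine auth receives
! the user-default-role, here the mobile role.
aaa authentication dot1x "corp-dot1x"
   machine-authentication enable
   machine-authentication machine-default-role "machine-only"
   machine-authentication user-default-role "mobile-devices"
!
! Option 2: derive the role from an attribute the RADIUS server returns.
! Assumes the server sends Filter-Id "mobile" for the relevant AD group.
aaa server-group "corp-radius"
   auth-server nps1
   set role condition Filter-Id equals "mobile" set-value mobile-devices
!
! Tie the pieces together; clients passing both checks get the default role.
aaa profile "corp-aaa"
   authentication-dot1x "corp-dot1x"
   dot1x-default-role "corp-user"
   dot1x-server-group "corp-radius"
```

After a test device connects, `show user-table` on the controller lists the role and VLAN each client actually received, which confirms whether the mobile device landed outside the corporate VLAN.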