Wireless Access

Occasional Contributor I

Move Mobile devices to different VLAN.

Hi Guys.


The client is running a 7010 Controller OS 

Their corprate network uses 802.1x Auth to radius on AD. 

They want to make it so that if a mobile device auths to the radius it must push that mobile device to a different VLAN. and not go on to the corp network. 

Is it possible to do that or must a person use clearpass for that?

Any help will be apreciated.





Re: Move Mobile devices to different VLAN.

There is quite a few ways to do this, depending on how your environment is set up. You can specify a VLAN within a User Role. An attribute returned from the RADIUS server to the controller can used to determine the User Role assigned to the client. So depending on your AD structure, this maybe possible.



You can also do this via DHCP Finger printing:




You can also configure the AAA dot1x profile to assign a User Role to client if they have passed User Authentication, Machine Authentication or both User and Machine authentication.


*edit - See p240 of the below guide.Machine Authentication Default User Role / Machine Authentication Default Machine Role



If my post addresses your query, give kudos:)
Occasional Contributor I

Re: Move Mobile devices to different VLAN.



Thanks for the quick repsonce. 

We will look into those when we get the chance.



Search Airheads
Showing results for 
Search instead for 
Did you mean: