User Authentication w/o VLAN Assignment

  • Question

  • I have a couple of network policies using computer groups as conditions in order to assign VLANs.  I also want to use policies for user authentication but using any RADIUS attributes (VLAN stuff).  VLANs would only be assigned during the computer authentication.  I can't seem to get this to work.  NPS validates the user but the user does not get an IP address.  Is this doable using NPS?  If so, how?

    By default, only "framed-protocol" (PPP) and "service-type" (Framed) RADIUS attributes are automatically configured.  When I keep these two on the user policy, it doesn't work.  When I remove these two attributes, it also doesn't work.

    The only reason I want to do this is so that I don't have to have multiple user policies w/ VLAN assignment rules.  I just want one user policy to authenticate user accounts.

    Help?

    Thanks a bunch.

    Sunday, June 19, 2011 4:10 PM

Answers

  • Hi John,

     

    Thanks for posting here.

     

    Have you considered creating a policy that redirects all computers to a special default VLAN when no user is logged on, and that also redirects them to another VLAN based on the user account when a user logs on to that computer? This can be achieved by creating different policies which assign the user group and the VLAN number that these accounts should be redirected to:

     

    How to enable computer-only authentication for an 802.1X-based network in Windows Vista, in Windows Server 2008, and in Windows XP Service Pack 3

    http://support.microsoft.com/kb/929847

     

    Configure NPS for VLANs

    http://technet.microsoft.com/en-us/library/cc731649(WS.10).aspx

     

    Thanks.

     

    Tiger Li


    Tuesday, June 21, 2011 9:48 AM
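
One way to check which authentication actually hands the switch a VLAN is to decode the attribute section of each Access-Accept and look for the three attributes used for VLAN assignment (Tunnel-Type = VLAN, Tunnel-Medium-Type = 802, Tunnel-Private-Group-ID). The following is an added example, not part of the original thread; the sample bytes and VLAN 10 are constructed, and attribute numbers follow RFC 2865, RFC 2868 and RFC 3580.

```python
import struct

def attr(t, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([t, len(value) + 2]) + value

# Constructed samples: the attribute section of two Access-Accept packets
# (the bytes after the 20-byte RADIUS header). Not captured traffic.
COMPUTER_ACCEPT = (attr(6, struct.pack("!I", 2))      # Service-Type = Framed
    + attr(64, b"\x01" + (13).to_bytes(3, "big"))     # Tunnel-Type = VLAN
    + attr(65, b"\x01" + (6).to_bytes(3, "big"))      # Tunnel-Medium-Type = 802
    + attr(81, b"\x01" + b"10"))                      # Tunnel-Private-Group-ID
USER_ACCEPT = (attr(7, struct.pack("!I", 1))          # Framed-Protocol = PPP
    + attr(6, struct.pack("!I", 2)))                  # Service-Type = Framed

def parse_attributes(data):
    """Split a RADIUS attribute section into (type, value) pairs."""
    out, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length {length} for attribute {t}")
        out.append((t, data[i + 2:i + length]))
        i += length
    return out

def vlan_assignment(data):
    """Return the VLAN ID string if all three attributes are present, else None."""
    tunnel_type = medium = group = None
    for t, v in parse_attributes(data):
        if t == 64 and len(v) == 4:        # one tag octet + 3-octet value
            tunnel_type = int.from_bytes(v[1:], "big")
        elif t == 65 and len(v) == 4:
            medium = int.from_bytes(v[1:], "big")
        elif t == 81 and v:
            # A first octet <= 0x1F is a tag; otherwise it belongs to the string.
            group = (v[1:] if v[0] <= 0x1F else v).decode("ascii", "replace")
    if tunnel_type == 13 and medium == 6 and group:
        return group
    return None

if __name__ == "__main__":
    print("computer policy:", vlan_assignment(COMPUTER_ACCEPT))
    print("user policy:    ", vlan_assignment(USER_ACCEPT))
```
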