VLAN assignment with DHCP reservations

tgatewood_
Occasional Contributor

VLAN assignment with DHCP reservations

I have a question about UAC that has been stumping me for a while. If I have multiple user VLANs and PCs configured with static DHCP reservations, is it possible to send the VLAN in the auth message to the switch somehow? For example, PC A is in 192.168.100.0/24 (VLAN 100) and PC B is in 192.168.101.0/24 (VLAN 101), both PCs have a DHCP reservation in their respective subnet. Each PC has a machine certificate and will use that to authenticate to the switch port. The question is how do I tell the switch which VLAN to assign based on which address that PC is statically assigned to? In this case, it is a Cisco switch, Infoblox for DHCP and Juniper IC. Can IF-MAP or some kind of RADIUS proxy to the Infoblox server relay VLAN information while still using the machine certificate to authenticate?

Thanks for any help you can provide!
kalagesan_
Super Contributor

Re: VLAN assignment with DHCP reservations

Hi Tgatewood,

I understand your requirement; your requirement is supported in UAC.

VLAN assignment can be done by sending the VLAN ID or VLAN RADIUS attributes as part of the RADIUS return response attributes. This is a configurable option available in the UAC IC device.

You can either send the VLAN ID information directly to the switch based on the role that a user gets, or you can send the VLAN RADIUS attributes to the switch as part of the RADIUS response.

The option is available in the IC admin GUI under UAC>Network access>RADIUS Return Attributes Policies.

Note: If I have answered your questions, you could mark this post as the accepted solution; that way it could help others as well. Kudos will be a bonus, thanks!

Regards,
Kannan

tgatewood_
Occasional Contributor

Re: VLAN assignment with DHCP reservations

Thanks for the response Kannan. Your solution looks like a static assignment by mapping these PCs to roles. This wouldn't scale to multiple machines with different VLAN assignments. In the example, I only said PC A and B but what if there were a hundred or even a thousand, how would I be able to do this dynamically based on data that is in the DHCP server?
kalagesan_
Super Contributor

Re: VLAN assignment with DHCP reservations

Hi,

Instead of directly specifying the VLAN ID, you can send VLAN RADIUS attributes from the IC to the switch. This is possible from the IC, where the IC can send VLAN attributes to the switch, and the switch can understand the VLAN RADIUS attributes and assign the VLAN based on the value in the received attributes for the PCs belonging to the respective roles.

Based on the VLAN assignment, the switch (if it's an L3 switch and configured as a DHCP relay agent) can forward DHCP requests to the DHCP server to get the respective IP subnet. I have tested this setup in my lab and it works as expected.

Regards,

Kannan
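
An added example, not part of the thread and not IC or Infoblox code: a sketch of deriving the VLAN from DHCP reservation data and encoding it as the standard RFC 3580 VLAN return attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID), which the thread refers to only as "VLAN RADIUS attributes". The reservation rows, MAC addresses, function names and the lookup by the Calling-Station-Id MAC are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed sample data: subnets from the question, invented MACs and hosts.
SUBNET_TO_VLAN = {"192.168.100.0/24": 100, "192.168.101.0/24": 101}
RESERVATIONS = [  # stand-in for rows exported from the DHCP server
    {"mac": "00-11-22-AA-BB-01", "ip": "192.168.100.25"},
    {"mac": "0011.22aa.bb02", "ip": "192.168.101.40"},
    {"mac": "00:11:22:aa:bb:03", "ip": "10.9.9.9"},  # no VLAN for this subnet
]

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits

def vlan_for_ip(ip):
    """Return the VLAN whose subnet contains the reserved address, else None."""
    addr = ipaddress.ip_address(ip)
    for cidr, vlan in SUBNET_TO_VLAN.items():
        if addr in ipaddress.ip_network(cidr):
            return vlan
    return None

def build_vlan_index(reservations):
    """Map normalized MAC -> VLAN for every reservation in a known subnet."""
    index = {}
    for row in reservations:
        vlan = vlan_for_ip(row["ip"])
        if vlan is not None:
            index[norm_mac(row["mac"])] = vlan
    return index

def rfc3580_attributes(vlan):
    """Encode the three RFC 3580 attributes as RADIUS TLVs (tag 0 = untagged)."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    tunnel_type = struct.pack("!BBB", 64, 6, 0) + (13).to_bytes(3, "big")  # VLAN
    medium_type = struct.pack("!BBB", 65, 6, 0) + (6).to_bytes(3, "big")   # IEEE 802
    group = str(vlan).encode("ascii")
    group_id = struct.pack("!BB", 81, 2 + len(group)) + group
    return tunnel_type + medium_type + group_id

def return_attributes(calling_station_id, index):
    """Attributes for a known endpoint; None lets the caller use its default policy."""
    vlan = index.get(norm_mac(calling_station_id))
    return None if vlan is None else rfc3580_attributes(vlan)
```
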