
VLAN based on AD group

SOLVED
jro_
New Contributor

VLAN based on AD group

Hello everyone!

I'm new to this forum and I am currently training to implement an authentication service with Juniper UAC. I'm on Junos Pulse Access Control Service and I have a question: how to assign a VLAN according to the AD group of a user? My RADIUS client is a Cisco Catalyst 2950 and my AD server is already set up and connected to my UAC.

Thank you in advance for your response.

jro

 

P.S.: sorry if I have not posted in the right forum...

1 ACCEPTED SOLUTION

Accepted Solutions
kalagesan_
Super Contributor

Re: VLAN based on AD group

Hi Jro,

You have posted the query in the right forum. I understand your query. I have tested this requirement and it works.

First you need to have an Active Directory authentication server configured in the IC. After that, configure role mapping based on group membership.

You can use the UAC Infranet Controller for layer 2 802.1X authentication with a RADIUS return attribute policy for assigning VLANs based on the roles that the user gets.

Assigning static VLANs, open port and VLAN RADIUS attributes are configurable in the IC admin UI under network access.

It's up to the switch to decide which VLAN to assign based on the return attributes from the IC (RADIUS server). 802.1X works only on an access port; if you make a port a trunk, it will not work.

Hope this helps to resolve your issue.

Note: If I have answered your questions, you could mark this post as the accepted solution; that way it could help others as well. Kudos will be a bonus, thanks!

 

Regards,
Kannan
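
The RADIUS return attributes that carry a VLAN assignment to an 802.1X switch port are the three tunnel attributes described in RFC 3580. The sketch below is an added example, not part of the original post and not Juniper's code: it maps AD groups to roles (first match wins) and encodes those attributes as they appear in an Access-Accept. The group DNs, role names, VLAN IDs and the guest fallback are constructed assumptions.

```python
import struct

# RFC 2868 attribute types and the values RFC 3580 specifies for VLAN assignment.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6

# Constructed role-mapping rules, evaluated top to bottom (first match wins).
ROLE_RULES = [
    ("CN=Net-Admins,OU=Groups,DC=example,DC=local", "admin"),
    ("CN=Staff,OU=Groups,DC=example,DC=local", "staff"),
]
# Constructed role -> VLAN ID table.
ROLE_VLAN = {"admin": 10, "staff": 20, "guest": 99}


def role_for(member_of):
    """Return the first role whose AD group DN is in the user's memberOf list."""
    groups = {g.lower() for g in member_of}  # DNs compare case-insensitively
    for group_dn, role in ROLE_RULES:
        if group_dn.lower() in groups:
            return role
    # Assumption of this example: users in no mapped group get a restricted role
    # instead of an Access-Accept with no VLAN attributes.
    return "guest"


def vlan_attributes(vlan_id, tag=0):
    """Encode the three tunnel attributes as RADIUS TLVs (type, length, value)."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")

    def tagged_int(attr, value):
        # One tag octet followed by a 3-octet integer value (RFC 2868).
        return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")

    vid = str(vlan_id).encode("ascii")  # VLAN ID is sent as an ASCII string
    return (tagged_int(TUNNEL_TYPE, TT_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802)
            + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid)


def access_accept_attributes(member_of):
    """Role and encoded VLAN attributes for a user's AD group list."""
    role = role_for(member_of)
    return role, vlan_attributes(ROLE_VLAN[role])
```
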


3 REPLIES 3
kalagesan_
Super Contributor

Re: VLAN based on AD group

Hi Jro,

 

I am glad that my suggestion resolved your query.

 

Regards,

Kannan

jro_
New Contributor

Re: VLAN based on AD group

Yes :) Thank you!

 

jro