


VLAN based on AD group


jro
Contributor (11)
Jan 31, 2014 6:40am

Hello everyone!

 

I'm new to this forum and I am currently training to implement an authentication service with Juniper UAC. I'm on Junos Pulse Access Control Service and I have a question: how to assign a VLAN according to the AD group of a user? My RADIUS client is a Cisco Catalyst 2950 and my AD server is already set up and connected to my UAC.

Thank you in advance for your response.

jro

 

P.S.: sorry if I have not posted in the right forum...




kalagesan
Contributor (11)
Correct Answer
Feb 5, 2014 2:50am

Hi Jro,

You have posted the query in the right forum, and I understand your query. I have tested this requirement and it works.

 

First you need to have an Active Directory authentication server configured in the IC. After that, configure role mapping based on group membership.

 

You can use the UAC Infranet Controller for layer 2 802.1X authentication with a RADIUS return attribute policy for assigning VLANs based on the roles that the user gets.

 

Assigning static VLANs, open port and VLAN RADIUS attributes are configurable in the IC admin UI under network access.

It's up to the switch to decide which VLAN to assign based on the return attributes from the IC (RADIUS server). 802.1X works only on an access port; if you make a port a trunk, it will not work.

 

Hope this helps to resolve your issue.

 

Note: If I have answered your questions, you could mark this post as accepted solution, that way it could help others as well. Kudo will be a bonus thanks!

 

Regards,
Kannan
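
Added example, not part of the original posts and not Juniper or Cisco code: a sketch of the group-to-role-to-VLAN decision described above, ending in the RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) that a RADIUS server conventionally returns for 802.1X VLAN assignment. The group DNs, role names and VLAN IDs are constructed, and rejecting users with no mapped group is an assumption of this sketch.

```python
import struct

# Constructed sample policy (all names hypothetical). Rules are evaluated
# top-down and the first matching AD group decides the role.
GROUP_TO_ROLE = [
    ("CN=NetAdmins,OU=Groups,DC=example,DC=com", "admin"),
    ("CN=Staff,OU=Groups,DC=example,DC=com", "staff"),
]
ROLE_TO_VLAN = {"admin": 10, "staff": 20}

# RADIUS attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TT_VLAN, TMT_IEEE_802 = 13, 6


def role_for(member_of):
    """Return the first role whose AD group appears in the user's memberOf list."""
    groups = {dn.lower() for dn in member_of}   # DNs compare case-insensitively
    for dn, role in GROUP_TO_ROLE:
        if dn.lower() in groups:
            return role
    return None


def vlan_attributes(vlan_id):
    """Encode the three return attributes that tell the switch which VLAN to use."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")

    def tagged_int(attr, value):
        # type, length=6, tag=0 (unused), 24-bit value
        return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")

    # The tag octet is omitted for the string: ASCII digits are > 0x1F, so the
    # first octet cannot be mistaken for a tag (RFC 2868).
    vid = str(vlan_id).encode("ascii")
    group_id = struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(vid)) + vid
    return (tagged_int(TUNNEL_TYPE, TT_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, TMT_IEEE_802)
            + group_id)


def access_accept_vlan(member_of):
    """Return encoded VLAN attributes, or None when no role maps (deny by default)."""
    role = role_for(member_of)
    if role is None or role not in ROLE_TO_VLAN:
        return None
    return vlan_attributes(ROLE_TO_VLAN[role])


if __name__ == "__main__":
    user_groups = ["cn=staff,ou=groups,dc=example,dc=com"]  # constructed memberOf
    print(access_accept_vlan(user_groups).hex())
```

Comparing these bytes with the attribute list in a packet capture of the Access-Accept is a quick way to confirm that the switch is being told the VLAN you expect.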

    kalagesan
    Contributor (11)
    Mar 5, 2014 3:26am

    Hi Jro,

     

    I am glad that my suggestion resolved your query

     

    Regards,

    Kannan