Assign building-specific VLAN via 802.1X vlan assignment

Hi all
We plan to implement 802.1X. We have several departments. Each department is using several VLANs, depending on which building the machine is.
If a machine/user from department A connects in building A, it should receive VLAN 10 via 802.1X vlan assignment. If the same machine/user connects in building B, it should receive VLAN 20.
Is this possible with 802.1X vlan assignment?
Many thanks
regards
Stefan

Stefan- It is possible if you use the VLAN name instead of the vlan #. That means you will just have to be consistent with your Vlan names for each location. So lets say you set up authenticated users to go to the "AuthUser" vlan. On your switches you would set up:
AuthUser=vlan 10 in Bldg A
AuthUser=vlan 20 in Bldg B
etc...
Just know that if someone unknowingly changes the vlan name on the switch that it will break dot1x, so make sure your fellow engineers know the significance of the name.
Good luck with your implementation!

Similar Messages

  • AP-grouping and SIte-Specific Vlan's question

    Hi Friends,
    I was wondering if Site-specific Vlan's can be implemented on Guest-vlans where SSId's are anchored to Anchor-controllers from main controllers.
    I will appreciate any inputs.
    Thanks
    JAy

    Unfortunately I don't believe this can be done. I've run in to this question before at least one other time.
    Basically, AP Groups (inteface assignment) only work for the clients local to that controller. Once you hit an "anchored wlan" you are not using the interface assigned by the AP group.
    As an anchored client, you are not seen as connected from a particular AP, but instead are see as a client from the foreign controller.
    Your only option would be to create multiple SSIDs and map each SSID on the anchor controller to the required vlan. You could use AP groups (wlan override) to specify which guest ssid you want on a particular AP, but I think thats your only option
    Perhaps if you were anchoring a client doing 802.1x, you could pass interface/vlan parameters that way, but it wouldn't work for a typical "webauth guest user"

  • Sending specific Vlan across wireless bridge

    Hello All,
    I would like to know how I can send a specific VLAN across a wireless bridge.  Currently, we have a building across the street from our main office that's connected via a wireless bridge (no physical cabling).  One of the switches in building 1 has a port in VLAN 206 (10.20.6.0/24) which connects to the wireless bridge (10.20.6.3) on that building.  The wireless bridge in building 2 is 10.20.6.4 and connects to a router on the same subnet.  So both bridges, the switch in building 1, and the router in building 2 are all on the same subnet.  I need to send VLAN 60 across this wireless bridge so that the workstations in building 2 can go out to the Internet.  As a side note, VLAN 60 is unrouted and is it's own subnet which has it's own firewall and web filter.  My thought on this is that if I can get the wireless bridges to send VLAN 60 to building 2, then all I would need to do is add the workstations to that VLAN on the switch in that building and all should be well.  I'm just not sure what I need to configure on the bridges and how building 2 should be configured seeing that the 2nd bridge connects to a router instead of a switch.  Any tips, suggestions, and help would be great!
    Thanks,
    Terence                  

    assume that i have two bridges Br-root , and Br-nonroot and i want to send traffic from multiple vlans across the wireless link, all you need to have is infrastructure-ssid on the native vlan. Then define the required subinterfaces on both radio and ethernet of root and non-root.
    Example: ( vlan 1 , 2 , and three )
    Root(config)#dot11 ssid test             
                     #authentication open
                     #vlan 1
                     #infrastructure-ssid
                    #exit
    Root(config)#interface dot11radio 0
                     #ssid test
                     #station-role root bridge
                     #no shut
                    #exit
    Root(config)#interface dot11rdio0.1
                     #encapsulation dot1q 1 native
                    #bridge-group 1
                   #exit
    Root(config)#interface dot11rdio0.2
                     #encapsulation dot1q 2
                    #bridge-group 2
                   #exit
    Root(config)#interface dot11rdio0.3
                     #encapsulation dot1q 3
                    #bridge-group 3
                   #exit
    Root(config)#interface fa0.1
                     #encapsulation dot1q 1 native
                    #bridge-group 1
                   #exit
    Root(config)#interface fa0.2
                     #encapsulation dot1q 2
                    #bridge-group 2
                   #exit
    Root(config)#interface fa0.3
                     #encapsulation dot1q 3
                    #bridge-group 3
                   #exit
    for the non-root , same config but the station-role should be non-root
    Enjoy

  • Problem switching from AP-specific to Group-specific VLAN mapping

    Hello.
    Some days ago, I updated our 5508 WLC to software version 7.5.102.0.
    With that version, it should be possible to have a VLAN mapping specific for a Flexconnect group that is set within Flexconnect Group settings.
    I did that for all my Flexconnect groups and it works fine with new access point.
    For existing access point, which already have an AP-specific VLAN mapping, it is not possible to switch to Group-specific.
    When I mark the WLAN in Flexconnect setting of the AP and select "Remove AP specific", I get the error message "Request failed: Vlan is not enabled on this flexconnect".
    I wonder what the problem could be, because for newly installed access points, it works fine. Did I miss some settings?
    Regards,
    Sven Lindeke

    Thanks for the fast reply.
    Here are the screen shots:
    Settings "Flexconnect group"
    Settings "Access Point"
    Error message

  • FWSM can not show sessions in xlate between two specific vlans

    Dear Experts ,
    I have FWSM running version 3.2(23) , configured with interface vlans , all having the same security level , except outside interface vlan which has security level 0 , also same-security-traffic permit inter-interface and same-security-traffic permit intra-interface are configured, my problem is when establishing sessions (I tried TCP only using ssh and telnet , in addition of ping ) from one specific vlan (172.16.1.0/28)  to other vlan (172.16.1.16/28) , I can not see the established sessions  in "show xlate debug" output ! although I can see these sessions from capture !  the two subnets are separate , two different /28.
    I can see the session established from the remaining interface vlans with same security level toward  172.16.1.16/28 , my question is what is the exception with vlan having this subnet172.16.1.0/28, how it can reach other vlan with subnnet 172.16.1.16/28 without showing anything in xlate table ? do you thing it is bug ? please advise
    Regards

    Red1,
    Need to make sure the packets are arriving on the correct interface.  Need to grab captures and the debug level syslogs at the same time. Hope you are not running into the xlate limitation of the module.
    Pls. check the limitation link here:
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1056716
    -Kureli
    https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
    Upcoming Live Webcast in English: January 15, 2013
    Troubleshooting ASA and Firewall Service Modules
    Register today: http://tools.cisco.com/squish/42F25

  • NBAR configuration for specific Vlan to throttle youtube

    I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps.  What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered.  I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time.  Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both?  So basically I just want to slow down youtube and facebook for the network below.
    vlan IP 192.168.30.0/24
    websites *youtube* *facebook* *fbcdn*
    Thank you all for your support and assistance.
    Mike

    Hi ,
    The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic , this class-map will match also the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like :
    ip access-list stan ACL-VLAN30
      permit 192.168.30.0 0.0.0.255
    class-map match-all ALL-SOURCES
      match no access-group name ACL-VLAN30
      match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
    class-map match-all POLICE-WWW
      match access-group name ACL-VLAN30
      match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
    Dan

  • Deploy operating system on specific VLAN

    Hello,
    I need to cunfigure our SCCM 2012R2 for deploying operating system on specific VLAN. 
    I think that I need to configure DHCP server with PXE on SCCM server. After that, how can deploy operating system just for this VLAN? I can't find any tutorial for this scenario :(
    Thank you.

    OK, assuming your need has nothing to do with setting up PXE then, you're only concerned about the
    availability of the task sequence, and you want to limit it from Software Center while also being able to image new machines, then here is what you can do:
    1. You need to have an IP address range that covers the VLAN regardless or you won't get any content.
    2. For existing clients, create a query-collection for clients that fall within the IP range/subnet of the VLAN and deploy the task sequence just to that collection
    3. For new machines, be sure to deploy the task sequence to the All Unknown Computers collection

  • Use of "Open FPGA VI Reference" function --- Build Specification vs VI vs Bitfile

    When using the "Open FPGA VI Reference" function in a LV2012 cRIO application, there are 3 options: Build Specification, VI, or Bitfile. What would be the reasons for selecting one over the others? Does it affect the resulting startup.rtexe when the cRIO application is built? I searched through the help and in these forums, but I don't see criteria for selecting one over the others; maybe I missed it.

    Hello Chris,
    Apologies in advance for a long reply.  
    The reference method won't change the functionality of your rtexe.exe.  They all end up dropping a bitstream, based on a bitfile, onto the cRIO's FPGA.
    To a degree, the method used to reference the FPGA code is a matter of taste, but there are situations where one method is better suited than the others.
    Reference by VI:
    Setting the configuration options to open reference by VI is helpful during development when you are making changes to an FPGA VI often and building/testing using the same spec.  When this option is used, a bitfile is selected based on the default build specification for the project.  A project may have only one default build specification.  You can make any build the default by checking the option under the Source Files category in the build properties.  The default build is indicated in the project explorer by the green box around the builds icon.  
    Reference by Bitfile:
    This option references a bitfile directly.  Through the configuration window, you can select one specific bitfile to open a reference to (this is not dynamic and does not change unless you physically go make a change to that path).  If you're using this method, it helps to give your bitfiles more meaningful names than the ones that are automatically generated by LabVIEW.  When you run subsequent compilations off of the same build specification and do not change the bitfile nname or path in the build configuration, the old bitfile is overwritten and replaced with the new one.  When you are using this option, it is critical that you keep up with which bitfile is the one you want to be using.  There is an option now that will help alleviate any problems referencing by bitfile through the Open FPGA VI Reference function.  There is a new VI called Open Dynamic Bitfile Reference.  It is typically used when you want to chose a specific bitfile to load depending on something in your host code (a configuration option etc) - but it allows you to dynamically reference a bitfile on the block diagram by path.
    Referency by Build Specification:
    This option is good for when you want to always use a bitfile that is associated with/compiled with the same build configuration.  Say you have two options for top level FPGA VIs in your project (each with its own build spec).  Both of these VIs have the same interface (read/write controls, DMA) but they run different algorithms or something.  This is nice because you can easily switch your host application between them by picking the build spec associated with the FPGA VI you want to use.  In this type of sutation, referencing by VI is no good because you can only have on default build spec.
    cheers.
    Matthew H.
    Applications Engineer
    National Instruments

  • Instrument Control Build Specifications

    Dear Sir:
          I am trying to build a working *.exe instrument control program.  This is a simple program which only queries my test instrument with a *IDN? command. 
          The program fails to call my instrument driver and the program also runs on boot up when (running under normal conditions) it should wait for me to input the GPIB address of my test instrument. 
          Let's begin with the failure of Labview to communicate with the instrument driver.   This is some background information.
           When I run the program as simple *.VI in the Labview environment, the program runs perfectly.    No issues.
           When I use Agilent Connection Expert or MAX to communicate to the test instrument, communication is established and there are no issues - I receive a reply, connectivity is established. 
            After I build the *.VI into a *.EXE program, this is where the program's issues arise. 
           The *.EXE program fails to initialize correctly and fails to establish connectivity with my test instrument.
            Here are some issues that I have noticed about the program running in *.EXE mode
    1)  The program runs on "boot up" when you click on the *.EXE program.   In *.VI mode, the program does not run on boot but waits for the user to input the GPIB address of the test instrument - program run is designed to be enabled by the user.
          I do not believe this is the source of the problem but only an incidental consequence of the problem.   If I stop the program and input the GPIB address, I receive a message about not being able to communicate to the driver. 
    2)  Once the *.EXE program runs, there is a condition whereby the operating system cannot close the program and WINDOWS itself cannot shut down itself unless I manually close all the programs associated with the *.EXE program in the WINDOWS operating environment. 
    3)  If the labview program and *.EXE program are closed but the operating system is still running,  Agilent Connection Expert and MAX can no longer communicate with the test instrument.   They no longer see the test instrument.
    It is obvious that the *.EXE program is making a change which is causing the operating system to "hang" on shutdown and is also preventing the other programs from operating as they should. 
    I believe the source of my problem may be how I programmed my build specifications.     In reply,  can you please tell me what are the minimum requirements for the build specification so that my test instrument can reply to a simple *IDN? query?   What files are normally required for a successful build?
    Other information as to the source of my issues are welcome as well.
    Thank you.
    Solved!
    Go to Solution.

    Thanks for you advice.
    I think this problem is a lot easier than you might think.   I just started using Labview and the *.VI is super simple.  I am away from my development computer right now so I can't post it.  
    The information I need to know right now are the typical files that are needed to be added in the build.  
    I found this quote that I found on a webpage to be interesting, (although I am not building an installer):
    "  Do I need to include NI-488.2 2.7.3 module if I use only basic GPIB Write.vi and GPIB Read.vis in my project?
    Yes, if you are making an installer ..."
    This is a link to the webpage:
    http://forums.ni.com/t5/LabVIEW/Uninstalling-LabVIEW-after-an-application-EXE-build/td-p/1553310
    My program involves only simple reads and writes using NI-488.2 calls to a test instrument.   A simple list of files specified with filename extensions to get me started would be appreciated.

  • Labview project build specification

    I created a LabVIEW8 project.  WIthin it I have a few folders that organize my code.  I'm trying to create a Build Specification (found at the bottom of the project view).  I created a new Build Spec and began populating it.   I can add information to all fields, except the Source Files category.  When in the Source Files category I'm able to specify the Dynamic VIs and Support VIs in the bottom box by selecting Full OI - Top Level VI.vi.  However, when I try to select any single file (Launcher.vi in this case) as the Startup VI, all my VI files become grayed out.  I can't select any of them.  I tried placing my launcher file in a new folder (apart from the majority of my code).  It allows me to move the folder into the Startup VIs area, but when I say 'OK' or 'Build' at the bottom, it comes back telling me that it can't continue because I haven't selected a Startup VI.  Any ideas?

    Have you tried saving the project and trying again. I tried to create one on the fly and it wouldn't allow me to select it as a top level VI until I saved the project and the VIs in the project. Give that a try and let us know how it goes.
    Tyler H.
    National Instruments

  • Scrambled destination view in installer build specifications LV8.5

    I don't think this build specifications bug has been mentioned yet. I am using LV8.5 Pro under Win XP.
    When configuring a new installer build specs, under Source Files, I select my application item in the Project View and click on the arrow button to add it to the Destination View. The latter then faithfully reproduces the application files hierarchy, for example:
    Application Directory
        Manuals Directory
           Manual.pdf
        Application.exe
        Application.ini
        Startup.exe
        Startup.ini
    However, after I close and reopen the installer properties, the Destination View hierarchy appears scrambled, for example:
    Application Directory
        Manuals Directory
           Startup.ini
        Application.exe
        Application.ini
        Manual.pdf
    Supporting files get moved around the directory tree, some disapper, and others actually appear in duplicate. The outcome is exactly the same every time I repeat this process, but there is no apparent pattern to it.
    Now, when I actually build the installer and later use it, the application gets installed properly, with correct files hierarchy. What doesn't work are the shortcuts. For instance, in the above example, if I create a shortcut to Manual.pdf, it will actually point to Startup.exe. And if I need a shortcut to Startup.exe, I cannot create it because the target is not part of the Destination View.
    Thoughts?

    Dear Zador,
    Bug number 4CM921LJ titled "Shortcuts Added in Installers Are Not Created Properly" is a LabVIEW 8.5 Known Issue.  More information on the bug can be found in Knowledge Base 4EGEL6HY: Wrong or Incorrectly Disabled File Names Displayed in LabVIEW
    8.5 Installer Builder.  If you need an alternative to the workaround presented in the Knowledge
    Base, you can create separate folders for each file you need to have a
    shortcut created for instead of putting them all in one.
    This issue has been fixed in LabVIEW 8.5.1.  Please post back bug 4CM921LJ does not describe your problem.

  • Programmatically Changing Build Specifications from command line

    I use a batch file that calls a VI to build several LV projects.  I found the article http://zone.ni.com/devzone/cda/epd/p/id/5051 to get started and build projects; however, I was wondering if anyone has been able to change build specifications without opening the Application Builder dialog?  -> I would like to build an app. with a version number using the command syntax:  labview.exe <mybuild.vi> -- "project1.lvproj" "version number"
    Any thoughts regarding this problem?
    Thanks,
    Adam

    I have done some research and there doesn't seem to be a way to change the version number when building a project with this method.  If I find out otherwise I will post to let you know but I don't think it is possible.  I would look for another way to accomplish what you want by incorporating the version into the file name or something like that. 
    Eric A.
    National Instruments
    Distributed I/O Product Support Engineer

  • RT Build Specifications: Component Definition Category is unresponsive

    Hi,
    I am using LabVIEW 2013 SP1 f2, with Real-Time 13.0.1
    When I open the Properties page for a Real-Time Application build specification (to run on a cRIO-9075), and select the Component Definition category, I find that the following occurs:
     - LabVIEW becomes unresponsive, and thinks for a while. It takes approximately 20-30 seconds or so to finally show the Component Defintion page.
     - When I click on Create a component definition file (.cdf), nothing happens. As I write this, I see "Required software components", and then these are greyed out: "Software component description", and "Software version" - but there is nothing to select or change?
     - If I click on another category, it takes in the order of 20 seconds to finally show this category.
     - To close the build spec (by pressing OK), it also takes a long time (more than 60 seconds). 
     - Things are fine with the build spec if I never enter the Component Definition category.
    Is anyone else experiencing this?
    Any help would be appreciated.
    Christopher Farmer
    Certified LabVIEW Architect
    Certified TestStand Developer
    http://wiredinsoftware.com.au
    Solved!
    Go to Solution.

    Hey Chris,
    I believe the following patch is the fix that you are looking for.
    LabVIEW Real-Time Module 2013 SP1 Application Builder Patch Details
    http://digital.ni.com/public.nsf/allkb/D72B45C6905D327A86257CC800547992?OpenDocument
    There's a link to download the patch at the bottom of that page.
    Regards,
    Ryan

  • Missing Build Specifications in LV8 Full Development package

    After installing LV8 Full Development Version, the only Build Specification option available is "Source Distribution". The options "Application", "Installer", "Shared Library" and "Zip File" are missing. The correct serial number appears on the About screen so I assume I activated the package correctly.
    How do I make those other build options available?

    Buy the application builder - or upgrade to the professional version...
    Mike...
    Certified Professional Instructor
    Certified LabVIEW Architect
    LabVIEW Champion
    "... after all, He's not a tame lion..."
    Be thinking ahead and mark your dance card for NI Week 2015 now: TS 6139 - Object Oriented First Steps

  • Some build specifications change on different machines

    Hi all,
    I often need to move my LabVIEW projects from a machine to another one. In this cases, I copy all the contents of my project folder in the new machine.
    My projects are built without errors, but some build specifications are not kept.
    Build specifications that are not maintained are additional installer list (see attachment).
    In the machine 1, I include only Math kernel Libraries and NI VC2008MCMS.
    When I open the same project on the Machine 2, all the elements in NI LabVIEW Run-Time engine 2012 SP1 f3 list are checked. (see attachments)
    Thank you
    Attachments:
    machine1.png ‏5 KB
    machine2.png ‏5 KB

    Hi AC_85,
    have machine 1 and machine 2 the same installed software? Is it the same version? Maybe on the machine on which you copy your project some additional installer is not installed.
    You could try to Duplicate the entire project (from project explorer File >> Save as >> Duplicate project >> Include all dependencies) before moving it from machine 1 to machine 2.
    Hoping this will help you.
    Best Regards.
    Cla_CUP
    NI ITALY

Maybe you are looking for

  • Error in Comunication Channel

    Hi All I have a IDOC to file scenario, in the file CC I use append,FCC with the paramater fieldfixlengths. All is well the file appends until a file comes trough where the CC fails because one of the field lengths is longer than specified in the fiel

  • I want to put a stylish border around my sign.

    How do I put a border around the sign I made? I made it in text, but could do it in any other app as long as it's free. Thanks!

  • Outage in NJ area???

    Since around 4 PM EST 3/21/11 i have had little to no internet connection. (little as is worse than dial up) I have been on the phone with tech support twice and they had no clue what the issue was. We thought it was my router, but here is the twist

  • Web dynpro ABAP certification

    Hi, I am interested in doing a web dynpro ABAP certification. Do we have a certification exclusively for the same? And can someone let me know the study material. Thanks, Jai Shree

  • DVD stuck on boot

    I was trying to eject a dvd disc inside superdrive, but it seems to stuck. You can see the dvd tile in finder is gray, looks like it's about to come out, but it takes forever. After a while, I decided to restart the MBP hoping to eject it upon bootin