I
RON
S
HIELD
W
HITE
P
APER
W
HITE
P
APER
: 802.1X P
ORT
A
UTHENTICATION
W
ITH
M
ICROSOFT
’
S
A
CTIVE
D
IRECTORY
Configuring VLAN Groups
The first step is to define the VLAN Groups on the Active Directory server and assign the user accounts to each
VLAN Group. The VLAN Groups are used by IAS to assign the proper VLAN ID to each user account.
Step 1: Using the Active Directory Users and Computers administrative tool, create the VLAN Groups that
will be used for each VLAN ID. One VLAN Group must be created for each VLAN defined on the Foundry device.
The VLAN Groups must be created as Global/Security groups.
• Name the VLAN Group with a descriptive name that
describes the VLAN Group’s function.
• Check the Global Group Scope parameter.
• Check the Security Group Type parameter.
Figure 20. New Global Security Group
Step 2: Add the user accounts into the proper VLAN Groups. IAS
will use the group memberships to determine which VLAN ID to
send back to the Foundry device for dynamic VLAN port
assignment.
Step 3: Repeat this step to add each VLAN Group required.
Figure 21. Add Group Members
Chia sẻ với bạn bè của bạn: |