Microsoft IAS Configuration - Dynamic VLAN assignment

The final design will be so much flexible if we could assign users to the respective VLANs based on their identity. In this example, we will assume that any user belong to the "Engineer VPN" security group in your active directory will be assigned into VLAN 10. Do remember to create VLAN 10 on your switches first before going through this!

Go to "Remote Access Policies", create a new policy named "Engineers". Should be no problem for you now if you followed the previous example. Once this is done, right click on the "Engineers" policy and select "Properties".

Click on "Edit Profile"

Click on "Advanced"

Click on "Add" and add a new attribute "Tunnel-Medium-Type" with a value of "802".

 Repeat the above process and add in 2 more attributes, "Tunnel-Pvt-Group-ID" with a value string value of "10" and "Tunnel-Type" with a value of "Virtual LANs (VLAN)".This means users matching this policy will be placed in VLAN 10.If added correctly, you should see the following result:

There you go, easy does it eh?