dynamic vlan assignment besides vmps
Hey all,
Am wondering if there are any other solutions for dynamic assignment of
VLANs other than URT (which seems overly expensive) and VMPS (server
only seems to work on CatOS, which none of my switches run)? Basically I
want to set up a conference room and our guest area where any unknown
MAC address that gets plugged in will be sent on one VLAN and
trusted laptops in our network get put on another.
Thanks!
angrylife (20)
4/20/2006 2:06:14 PM

Well if you have a RADIUS server, then see
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00801d0189.html#1038739
Merv
4/20/2006 2:12:56 PM

Or perhaps you could set up two VLANs - one with an open SSID (for
guest) and the other SSID can be authenticated (using FAST_EAP for
example).
You could also apply a MAC filter to the secure SSID using the
dot11 association mac-list command.
Merv
4/20/2006 2:40:59 PM

I do but can that also be applied to a wired network (not touching
wireless yet)?
Thanks.
Merv wrote:
> Well if you have a RADIUS server, then see
>
> http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a00801d0189.html#1038739
psychogenic
4/20/2006 2:43:38 PM

What switch and IOS version?
Merv
4/20/2006 2:57:40 PM

Backbone is a 6500 running IOS v 12.2, and our on-floor switches are made
up of 3550s and some 3500XLs, all running IOS v 12.2.
Merv wrote:
> What switch and IOS version?
psychogenic
4/20/2006 3:11:34 PM

Take a look at 802.1x authentication and dynamic VLAN assignment:
http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00801e85c4.html#1062632
Merv
4/20/2006 3:16:29 PM

Hmm, would this break TACACS+ on the switches? I've added them all to
SecureACS for authentication and authorization for the admins here, and
also am using local accounts on the devices in case the ACS server is
unreachable.
Merv wrote:
> Take a look at 802.1x authentication and dynamic VLAN assignment:
>
> http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00801e85c4.html#1062632
psychogenic
4/20/2006 3:29:34 PM

If you have SecureACS then take a look at the Network Admission Control
feature (NAC)
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00805ec1ad.html
Merv
4/20/2006 4:23:49 PM

No. Dot1x will not break TACACS+. Two separate things.
C
4/20/2006 8:09:01 PM
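
The wired setup the thread converges on, as an added example that is not from any poster or from the linked Cisco guides: a Catalyst 3550-style IOS configuration sketch in which 802.1X has its own RADIUS method lists while admin logins stay on TACACS+ with local fallback. The server address, key placeholder, interface and VLAN numbers are assumptions; the trusted VLAN is returned by the RADIUS server through the RFC 3580 tunnel attributes listed in the closing comments.

```cisco
! Constructed example: address, key, interface and VLAN IDs are placeholders.
aaa new-model
!
! Admin logins: TACACS+ first, local accounts if the ACS server is unreachable.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
! Port authentication: separate method lists that point at RADIUS,
! so enabling 802.1X does not touch the login lists above.
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS-SHARED-SECRET>
!
! Enable 802.1X globally.
dot1x system-auth-control
!
interface FastEthernet0/10
 description Conference room drop
 switchport mode access
 ! Fallback VLAN if the server returns no VLAN for an authenticated user
 switchport access vlan 999
 dot1x port-control auto
 ! Clients that never answer 802.1X are placed in the guest VLAN
 dot1x guest-vlan 20
 spanning-tree portfast
!
! RADIUS Access-Accept attributes that place a trusted laptop in its VLAN:
!   Tunnel-Type (64)             = VLAN (13)
!   Tunnel-Medium-Type (65)      = 802 (6)
!   Tunnel-Private-Group-ID (81) = VLAN name or VLAN ID
```

With this layout the VLAN decision rests on 802.1X credentials rather than on the MAC address: a device that does not speak 802.1X lands in the guest VLAN. Command availability depends on platform and IOS release, so check it against the configuration guide linked in the thread.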