09-20-2007 05:06 AM - edited 03-09-2019 06:52 PM
I am in the process of testing CCA using virtual gateway in-band. I currently have a VLAN 20 on which hosts exist, so have mapped 21->20 with 21 being the untrusted.
On the switchport, the access VLAN is set to 21, and DHCP passthrough is working.
I also have a guest VLAN, which is 500. I would like a guest to be able to plug into any port that is set to 21, and have them tagged to VLAN 500 after meeting requirements. Is this possible with virtual gateway in-band?
Thanks,
Jeff
09-26-2007 08:53 AM
As the port is set to VLAN 21, you cannot have guests tagged to VLAN 500 after checking requirements. However, you can set up a user role for each VLAN (i.e. 239_allow_all) with the OOB VLAN set up for each. Then set up the mapping on the auth server to check the initial VLAN and place the user in the 239_allow_all role. Then set the Port profile to use User Role Vlan instead of Default Access Vlan.
09-26-2007 08:58 AM
I found that with inband, you can retag the traffic egress with something different from what your vlan mapping is configured for. The problem is that the IP address doesn't change without a release/renew.
I'd like to have this work with just one CAS, but it looks like I'll have to get a second for OOB.