cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
957
Views
0
Helpful
6
Replies

Dynamic VLANs on a Catalyst 3560

ddegner
Level 1
Level 1

Hello,

I'm looking for a solution that would enable me to assign users to a specific VLAN based on MAC address. I'm using a Catalyst 3560 switch. Is there something similar to VMPS that would allow me to do this? I would like to run VMPS, but it looks like you need a VMPS server (catalyst 5000) to do this. Any help would be appreciated. Thanks!

1 Accepted Solution

Accepted Solutions

If that's the case then 802.1x with Guest and Authentication Fail VLAN is probably more appropriate. If you are a Windows AD house then its just some configuration as you will already have all the software (IAS Radius Server, XP's built-in 802.1x supplicant).

There are a few guides on how to set this up, do a search.

HTH

Andy

View solution in original post

6 Replies 6

802.1x is the way forward, however if you have clients/devices that move and don't have an 802.1x supplicant then you can still use VMPS. You are right you can use a Cat 5000 as the VMPS server, there are also some open source VMPS applications available. Google VMPS and Linux. There may be Windows varients available?

I would question why you need to do this though? Most networks are moving away from this type of setup. It might be worth explaining the scenario to see if anything else better suits your needs?

Andy

Hello Andy,

Many thanks for your prompt reply.

Basically, I need to find a solution that will allow me to segregate my network into 2 VLANs. 1 LAN for company users, & another "fallback/guest" LAN for someone that plugs into a wall jack that is not an authenticated user. These guest users would still be able to access the internet, but would not be on the same network as authenticated users.

If that's the case then 802.1x with Guest and Authentication Fail VLAN is probably more appropriate. If you are a Windows AD house then its just some configuration as you will already have all the software (IAS Radius Server, XP's built-in 802.1x supplicant).

There are a few guides on how to set this up, do a search.

HTH

Andy

Let me throw one more thing into the mix. We will be using IP phones as well. Will they need to be authenticated somehow?

They can be is the answer; however they don't have to be. Not all Cisco IP Phones have an 802.1x Supplicant (I assume you are using Cisco IP Phones and Voice VLANs?), only the newer ones do I think (7941, 7961, 7970 etc). I think by default the Voice VLAN on the access port does not do 802.1x authentication so the Phones bypass any 802.1x authentication.

If you have non-Cisco IP Phones then there are some more hurdles like VLAN detection and depending on the Vendor this can be achieved in a number of ways. It's should all be possible though.

Andy

Edison Ortiz
Hall of Fame
Hall of Fame

The 3560 can act as VMPS clients, as for the server, check out this link http://vmps.sourceforge.net/

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: