11-06-2007 01:06 PM - edited 03-03-2019 05:42 AM
Hello,
I'm looking for a solution that would enable me to assign users to a specific VLAN based on MAC address. I'm using a Catalyst 3560 switch. Is there something similar to VMPS that would allow me to do this? I would like to run VMPS, but it looks like you need a VMPS server (catalyst 5000) to do this. Any help would be appreciated. Thanks!
11-06-2007 01:48 PM
802.1x is the way forward; however, if you have clients/devices that move and don't have an 802.1x supplicant then you can still use VMPS. You are right, you can use a Cat 5000 as the VMPS server; there are also some open source VMPS applications available. Google VMPS and Linux. There may be Windows variants available?
I would question why you need to do this though? Most networks are moving away from this type of setup. It might be worth explaining the scenario to see if anything else better suits your needs?
Andy
11-06-2007 01:59 PM
Hello Andy,
Many thanks for your prompt reply.
Basically, I need to find a solution that will allow me to segregate my network into 2 VLANs. 1 LAN for company users, & another "fallback/guest" LAN for someone that plugs into a wall jack that is not an authenticated user. These guest users would still be able to access the internet, but would not be on the same network as authenticated users.
11-06-2007 02:07 PM
If that's the case then 802.1x with Guest and Authentication Fail VLAN is probably more appropriate. If you are a Windows AD house then it's just some configuration as you will already have all the software (IAS Radius Server, XP's built-in 802.1x supplicant).
There are a few guides on how to set this up, do a search.
HTH
Andy
11-06-2007 02:24 PM
Let me throw one more thing into the mix. We will be using IP phones as well. Will they need to be authenticated somehow?
11-06-2007 03:07 PM
They can be is the answer; however they don't have to be. Not all Cisco IP Phones have an 802.1x Supplicant (I assume you are using Cisco IP Phones and Voice VLANs?), only the newer ones do I think (7941, 7961, 7970 etc). I think by default the Voice VLAN on the access port does not do 802.1x authentication so the Phones bypass any 802.1x authentication.
If you have non-Cisco IP Phones then there are some more hurdles like VLAN detection, and depending on the vendor this can be achieved in a number of ways. It should all be possible though.
Andy
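The 802.1x setup discussed in the replies above, as an added example that is not part of the original thread: a Catalyst 3560 access port with a Guest VLAN for devices that have no supplicant, an Authentication Fail VLAN for clients that fail authentication, and a voice VLAN for Cisco IP phones. The VLAN IDs, interface name, RADIUS server address and shared secret are constructed placeholders, and exact command syntax varies by IOS release.

```cisco
! Added example. All VLAN IDs, addresses and names below are placeholders.
!
! Enable AAA and send 802.1x authentication to the RADIUS server (e.g. IAS)
aaa new-model
aaa authentication dot1x default group radius
! Only needed if RADIUS should also assign VLANs per user
aaa authorization network default group radius
!
! RADIUS server definition; replace address and key with your own
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
!
! Turn on 802.1x globally
dot1x system-auth-control
!
vlan 10
 name CORP
vlan 20
 name VOICE
vlan 90
 name GUEST
!
interface FastEthernet0/1
 switchport mode access
 ! Authenticated company users land here
 switchport access vlan 10
 ! Cisco IP phones use the voice VLAN
 switchport voice vlan 20
 ! Require 802.1x on the data VLAN of this port
 dot1x port-control auto
 ! No supplicant answers EAPOL requests: place the device in the guest VLAN
 dot1x guest-vlan 90
 ! Supplicant present but authentication fails: restricted VLAN
 ! (may be the same VLAN as the guest VLAN)
 dot1x auth-fail vlan 90
 dot1x auth-fail max-attempts 3
 spanning-tree portfast
```

Keeping guests off the company network still depends on how VLAN 90 is routed and filtered upstream; `show dot1x interface FastEthernet0/1` shows the resulting port state.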
11-06-2007 01:53 PM
The 3560 can act as a VMPS client; as for the server, check out this link: http://vmps.sourceforge.net/