Segmentation

wgranada1 · ‎12-14-2007

Quick question here currently I have a network of 4 segments(production, test, HR and QA)we are all physically located on one floor and basically it is a open bay area and the way we segment the different users is by using 802.1x. The question is is there any otherway to segment these subnets without using 802.1x? We have Vlans but they only are only good if you have physical separation people like to unplug there laptops and walk over to a cubical that has more authority and plug it. If 802.1x is the best way to go then I guess I will stick with it. Thank you in advance

Jon Marshall · ‎12-15-2007

Hi

Not sure what you mean by walking over to a cubical with more authority. if you are using 802.1x then based on the username that is supplied when the user logs in you can dynamically assign the switch port to a vlan. So wherever the user connects they will always end up in the same vlan.

Would this not work for you ?

Jon

wgranada1 · ‎12-17-2007

Hi Jon;

What I mean by walking over to a cubical is that we are all on one floor and there is no physical separation between the different departments. So someone from the developement department can walk through the door to my cube and take my network connection off and plug his laptop in and get more authority than he has. We currently use 802.1x to prevent this from happening as you are correct about it is base on username. I was just wondering if there was anything else besides 802.1x I can use to accomplish this or is 802.1x the best solution?

Edison Ortiz · ‎12-17-2007

802.1x is definitely the best solution for security to the access layer.

wgranada1 · ‎12-17-2007

ok thanks Edison for the info!!!!