Guest VLAN - best way to implement

Unanswered Question
Mar 13th, 2009

Currently in my lab guests on my network are assigned to our guest vlan via the RAC in the ACS server.

Now I could also change the RAC to not assign the vlan and instead use the dot1x guest-vlan command on the switch ports.

I'm wondering if there is a preferred method, argument for/against each, or it's just two different ways of skinning the same cat? The only benefit I can see using the RAC is if that vlan should ever change, it would only need to be changed in one spot instead of on every single switch port.

I guess the same question could be asked for the auth-fail vlan setting (assuming you aren't denying them access via the NAP).

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Sat, 03/14/2009 - 08:10

Jason,

Both methods are ok and it depends how deep is your network. Changing vlan in RAC would be quick and easy to do.

Regards,

~JG

Do rate helpful posts

Actions

This Discussion