Guest VLAN - best way to implement

Unanswered Question
Mar 13th, 2009
User Badges:

Currently in my lab guests on my network are assigned to our guest vlan via the RAC in the ACS server.


Now I could also change the RAC to not assign the vlan and instead use the dot1x guest-vlan command on the switch ports.


I'm wondering if there is a preferred method, argument for/against each, or it's just two different ways of skinning the same cat? The only benefit I can see using the RAC is if that vlan should ever change, it would only need to be changed in one spot instead of on every single switch port.


I guess the same question could be asked for the auth-fail vlan setting (assuming you aren't denying them access via the NAP).

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Sat, 03/14/2009 - 08:10
User Badges:
  • Red, 2250 points or more

Jason,

Both methods are ok and it depends how deep is your network. Changing vlan in RAC would be quick and easy to do.





Regards,

~JG


Do rate helpful posts



Actions

This Discussion