Faisal Sehbai Sun, 11/01/2009 - 21:58
User Badges:
  • Gold, 750 points or more

Not a very good idea. You can make it work, but role-based vlans won't work, and if you use real-ip, then oob won't work since it relies on changing the ip address to access subnet.


HTH,

Faisal

aviyoshi10 Sun, 11/01/2009 - 22:19
User Badges:

thanks,

about role-based vlan you mean that after authenticating the users, all the users must reside on the same access vlan ?

Faisal Sehbai Mon, 11/02/2009 - 07:09
User Badges:
  • Gold, 750 points or more

Yes. You'll have to define all the access vlans manually, and cannot dynamically move them to different vlans based on their roles.


HTH,

Faisal

aviyoshi10 Mon, 11/02/2009 - 11:41
User Badges:

the role-based vlan wont work beacuse the cam will not bounce the port ?


i dont understand the correlation between role-based vlan and not using dhcp services ?


do you have by any chance a design overview for that situation ?

Faisal Sehbai Mon, 11/02/2009 - 11:44
User Badges:
  • Gold, 750 points or more

For role-based vlan mapping, the vlan is switched to the final vlan and then agent requests an ip refresh since if you had the access vlan IP address, and you're now in a new vlan, network access wont be there.


I don't think we have any white papers discussing setting up NAC with static IPs, but I'll look.


HTH,

Faisal

Actions

This Discussion