Managed subnet and dynamic vlans

Unanswered Question
May 11th, 2010

Hi all,

I am confused about the managed subnet. We have 3 untrusted VLANs, 9 trusted VLANs and 3 separate VLANs for VLAN mapping. All VLANs have different IP subnets, but the untrusted VLANs don't have an IP subnet of their own; they will use another VLAN's IP subnet. So which VLAN and which IP subnet should I use for the managed subnet?

Here is the detail of vlan and ip

Untrusted VLAN

101 for floor 1

102 for floor 2

103 for floor 3

We have separate vlan for vlan mapping

101 <-> 901            (

102 <-> 902         (

103 <-> 903         (

In the initial phase, untrusted clients should get an IP address in the 172.30.X.X range from DHCP, and trusted clients should get an IP address as per the trusted VLANs, as follows:

Trusted VLAN (IP subnet)

501 for floor 1 sales dept (

502 for floor 2 sales dept (

503 for floor 3 sales dept (

601 for floor 1 mkt dept (

602 for floor 2 mkt dept (

603 for floor 3 mkt dept (

701 for floor 1 admin dept (

702 for floor 2 admin dept (

703 for floor 3 admin dept (

I also need to configure dynamic VLANs for all users. E.g. if a user is from the sales department and logs in from floor 1, the trusted VLAN should be 501, and if this user logs in from floor 2, then the trusted VLAN should be 502. Can anyone give me a configuration sample or ideas for this scenario?

Thank you

Faisal Sehbai Wed, 05/12/2010 - 19:03


Your managed subnets should be the IP range of 172.30.x.y (where y is a valid number and NOT the network number, i.e. 0 or 255) with a VLAN tag of 101, 102 or 103.

To ensure that the VLANs translate properly according to where your users are, you can assign named VLANs in the role-based VLAN config screens. Make sure the case matches as you define them on the switch and CAM. So this way, if a user is on the first floor and his role-based assigned VLAN is Sales, it will translate to 501, etc.
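
The named-VLAN approach from the reply above, sketched as an added example that is not part of the original thread. The VLAN IDs are the ones listed in the question; the names Sales, Mkt and Admin and the one-switch-per-floor layout are assumptions made for illustration.

```cisco
! Constructed example: VLAN database entries on each floor's access switch.
! The same VLAN name is defined on every floor, bound to that floor's ID,
! so a role assigned by name resolves to a different VLAN per floor.
!
! Floor 1 access switch
vlan 501
 name Sales
vlan 601
 name Mkt
vlan 701
 name Admin
!
! Floor 2 access switch
vlan 502
 name Sales
vlan 602
 name Mkt
vlan 702
 name Admin
!
! Floor 3 access switch
vlan 503
 name Sales
vlan 603
 name Mkt
vlan 703
 name Admin
!
! VLAN names are case-sensitive: a role whose VLAN is entered in CAM as
! "sales" or "SALES" will not match the switch VLAN named "Sales".
! Check the names defined on a switch with:
!   show vlan brief
```

With this layout, a role whose VLAN is set to the name Sales lands in 501 on the floor 1 switch and 502 on the floor 2 switch, which is the behaviour asked for in the question.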



