Hello everyone. I am trying to do this task. I am working in a network which is class A. We already have a scope which every user for the company could access with their user and password, then they have access to some resources. We managed this with Active Directory. I need to allow external users such as auditors to have access only to the internet when they connect their laptops to a network point. I don't know how to do it. I think I have to create a new scope and authorize it in the ADirectory. Also, do you know if I have to modify something in the switches?
Any suggestion and previous experience in this task is welcome.
If you need more information just tell me.
The best thing you can do here is to implement dot1x with guest-vlan (if ur switch supports). Which switches do u have? When u enable dot1x, u can have the guests go to a guest-vlan automatically, and u can configure a separate DHCP scope for them. Once they get this IP, make sure they access only internet, by putting the right VLAN access-lists or limiting on the firewall. You can see this URL for more info on dot1x:
If not on dot1x, u need to manually create a guest VLAN, and define on the interfaces. When they put their laptop, they automatically get the IP address and get connected to internet...
hope this helps.. all the best. rate replies if found useful..
3750 will support almost all the features.. 2100 ??? really not sure.. but the basic idea is what i had told u before.. either configure dot1x or manually configure the VLAN and isolate a separate scope on the DHCP..
Hope this helps... rate replies if found useful..
I found that the 3750 is connected in a centralized way with the others, so in this case I could apply a VLAN. If I create it, do I have to configure a separate scope in the DHCP server?
If you need to allocate automatic IP addresses for these clients, u need to create another separate SCOPE on the DHCP server.. no other go... if u can maintain static IPs, which is not recommended, u need not create the scope on the DHCP server.. Once u have a separate VLAN with a separate subnet, u can route that subnet only onto the internet and make it separate from other subnets on ur local network..
Hope this helps.. all the best. rate replies if found useful..
I don't know which V-lan I have to create. I am between private V-lan and ISL or IEEE802.1x. If the answer is IEEE802.1x, do I have to activate VTP? I already read that many people had troubles with it.
U need to create just one vlan. But u need to configure the individual ports which will be used by the users in the vlan which u have created.
Do I need to configure it in the core switch, if I am running with VTP? Or do I need to do it in all the access switches?
If you run VTP, u need not configure the VLANs on the access switches, if they are configured as VTP clients.. In case you have it as transparent, u might have to configure it locally on the access switch..
Are u able to set the vlans now? Do u have any more queries with regards to this?
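The setup discussed in this thread, written out as an added example that is not part of any poster's reply: 802.1X with a guest VLAN on a Catalyst 3750 access port, a guest SVI that relays DHCP to a separate scope, and an ACL that keeps the guest subnet off the internal class A range. VLAN numbers, interface names, addresses and the RADIUS key are constructed placeholders, and the exact dot1x keywords depend on the IOS release.

```cisco
! Constructed example. Assumptions: internal network is 10.0.0.0/8,
! guest VLAN is 100 on 192.168.100.0/24, RADIUS at 10.1.1.10, DHCP at 10.1.1.20.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 10.1.1.10 auth-port 1812 acct-port 1813 key RADIUS-KEY-PLACEHOLDER
dot1x system-auth-control
!
! Create the VLAN here, or on the VTP server if access switches are VTP clients.
vlan 100
 name GUEST
!
! User-facing port: employees authenticate and stay in VLAN 10 (assumed),
! clients that never answer EAPOL (auditor laptops) fall into VLAN 100.
interface FastEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto
 dot1x guest-vlan 100
 spanning-tree portfast
! Newer releases use instead:
!  authentication port-control auto
!  authentication event no-response action authorize vlan 100
!
! Without dot1x, the manual alternative from the thread is a static guest port:
! interface FastEthernet1/0/11
!  switchport mode access
!  switchport access vlan 100
!
! Guests may request DHCP, may not reach any internal address, may reach the rest.
! DNS is assumed to be an external resolver; add a permit above the deny
! if guests must use an internal DNS server.
ip access-list extended GUEST-INTERNET-ONLY
 permit udp any eq bootpc any eq bootps
 deny   ip any 10.0.0.0 0.255.255.255 log
 permit ip any any
!
! Guest gateway: relay DHCP to the server holding the separate guest scope.
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
 ip helper-address 10.1.1.20
 ip access-group GUEST-INTERNET-ONLY in
```

After applying, `show dot1x interface FastEthernet1/0/10` and `show access-lists GUEST-INTERNET-ONLY` confirm the port state and show hit counts on the deny line when a guest tries to reach internal addresses.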