Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VLAN vs Server authentication

Need help here.

VLAN is a logical grouping of users via switch ports assignments.

Questions:

------------

a. Can user A fron VLAN-A use VLAN-B workstations and login using VLAN-A login name and password? IF not, VLAN is very restrictive.

b. If I have VLAN1 and VLAN2 , if the users of both VLAN login to the same server, who controls the authentication? At the switch or at Server ACL?

c. Must the server be in any of the VLAN?

1 REPLY
New Member

Re: VLAN vs Server authentication

Hi,

You probably must route or bridge between the VLANs.

If you only create VLANs and dont route them, its as 2 diffrent LANs.

Hence, virtualt LANs.

Maybe i dont have the whole picture of your problem, so i do some guessing.

a) Depends on what authentications system your running. If Windows enviroment and using NetBEUI/NetBIOS stuff, its prefered that you run the command "ip helper-address " on the L3 interface that have the server. Still you must route or bridge the two VLANs. This is a problem with Windows enviroment and not VLAN.

b) If running 802.1x, the auithentication is done in switch, but must authenticate with a server (Windows/RADIUS/TACACS...). If not running that feature, its the Windows server that support your login.

c) Depends on if you route/bridge betweeen the VLANs or run them autonomous. If autonomous, you probably need a server at every VLAN.

66
Views
0
Helpful
1
Replies