Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest VLAN - best way to implement

Currently in my lab guests on my network are assigned to our guest vlan via the RAC in the ACS server.

Now I could also change the RAC to not assign the vlan and instead use the dot1x guest-vlan command on the switch ports.

I'm wondering if there is a preferred method, argument for/against each, or it's just two different ways of skinning the same cat? The only benefit I can see using the RAC is if that vlan should ever change, it would only need to be changed in one spot instead of on every single switch port.

I guess the same question could be asked for the auth-fail vlan setting (assuming you aren't denying them access via the NAP).

1 REPLY

Re: Guest VLAN - best way to implement

Jason,

Both methods are ok and it depends how deep is your network. Changing vlan in RAC would be quick and easy to do.

Regards,

~JG

Do rate helpful posts

118
Views
0
Helpful
1
Replies
CreatePlease login to create content