cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
272
Views
0
Helpful
1
Replies

Guest VLAN - best way to implement

jason.eberhard
Level 1
Level 1

Currently in my lab guests on my network are assigned to our guest vlan via the RAC in the ACS server.

Now I could also change the RAC to not assign the vlan and instead use the dot1x guest-vlan command on the switch ports.

I'm wondering if there is a preferred method, argument for/against each, or it's just two different ways of skinning the same cat? The only benefit I can see using the RAC is if that vlan should ever change, it would only need to be changed in one spot instead of on every single switch port.

I guess the same question could be asked for the auth-fail vlan setting (assuming you aren't denying them access via the NAP).

1 Reply 1

Jagdeep Gambhir
Level 10
Level 10

Jason,

Both methods are ok and it depends how deep is your network. Changing vlan in RAC would be quick and easy to do.

Regards,

~JG

Do rate helpful posts

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: