I have confusion with managed subnet, we have 3 untrusted vlans, 9 trusted vlans and 3 separate vlans for vlan mapping. all vlans have different ip subnets, but untrusted vlans don’t have ip subnet, it will another vlan’s ip subnet so which vlan and which subnet ip shouldI use for managed subnet?
Here is the detail of vlan and ip
101for floor 1
102 for floor 2
103 for floor3
We have separate vlan for vlan mapping
101 <-> 901(172.30.1.0/24)
102 <-> 902(172.30.2.0/24)
103 <-> 903(172.30.3.0/24)
In the initial phase untrusted client should get 172. 30.X.X range ip address from dhcp and for trusted clients they should get the ip address as per the trusted vlans as follows
Trusted Vlan (ip subnet)
501for floor 1 sales dept(192.168.1.0/24)
502 for floor 2 sale dept(192.168.2.0/24)
503 for floor 3 sales dept(192.168.3.0/24)
601 for floor 1 mkt dept(192.168.4.0/24)
602for floor 2 mkt dept(192.168.5.0/24)
603 for floor 3 mkt dept(192.168.6.0/24)
701 for floor 1admin dept(192.168.7.0/24)
702 for floor 2 admin dept(192.168.8.0/24)
703 for floor 3 admin dept(192.168.9.0/24)
And I need to configure dynamic vlan for all users. E.g. if user is from sales department and login from floor 1 trusted vlan should be 501 and if this user login from floor 2 then trusted vlan should be 502. Can anyone give me the configuration sample or ideas for this scenario?
Your managed subnets should be the IP range of 172.30.x.y (where y is a valid number and NOT the network number, i.e.0 or 255) with a VLAN tag of 101, 102 or 103.
For ensuring that the VLANs translate properly according to where your users are, you can assing named VLANs in the role-based VLAN config screens. Make sure the case matches as you define them on the switch and CAM. So this way if a user is on first floor and his role-based assigned VLAN is Sales, it will translate to 501, etc
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...