
Dynamic VLAN assignment and Layer 3 switching on 300 series

glennschmidt
Level 1

I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.

So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right?

I'm new to VLAN configuration and layer 3 switching so I wanted to check my understanding. Doesn't this limitation significantly reduce the usefulness of the DVA feature?

I may well be confused and missing something regarding how this is typically used.

2 Replies

Tom Watts
VIP Alumni

Hello Glenn,

Your concept about packet forwarding is correct. With a layer 2 switch, there must be something directing traffic with multiple subnets for inter-VLAN communication or something that provides an IP route to give the request a path back for the request.

The usefulness of the DVA feature is not particularly limited to the switch, as the switch will correctly assign the VLAN for you, versus the L3 switch mode, where you're dealing with IP addresses. In any scenario, you're going to require a router to get to the internet since the switch does not support NAT.

Additionally, if your router does not support VLAN, the L3 switch feature would still be the solution since you should be able to make a static route pointing back to the switch to allow any subnet to traverse the single media. It would still beg the question, how to assign VLAN dynamically.

The answer, although (in my opinion) it is terrible, would be GVRP. But this application would require ALL of your network cards to be GVRP enabled / capable, which most likely is not the scenario for you (or most anyone else for that matter).

-Tom
Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

David Hornstein
Level 7

Hi Glenn,

I wish to add to this discussion.

I have used dynamic VLAN assignment using 802.1x and MAC-based methods in conjunction with a RADIUS server.

Briefly, it allowed my customers to authenticate the host, and if the host failed authentication, it dropped the host into a guest VLAN.

I really don't think it is unusual to purchase a VLAN-aware router to provide the DHCP services, routing and NATing, and security services for the network.

Regards, Dave