My scenario is like this: I have 4 buildings within a campus. Building 1 is where I'm going to place my core 6500, and the other 3 buildings have 200 users each, a total of 600 users in these 3 buildings. My aim is to create VLANs, so building 2 will be another VLAN, and in case the guy from building 2 comes to building 3 he should still get access; by mapping the username he should go to the VLAN group. I'm not clear on how to start and where I should start from.
In this scenario, in each of these buildings I have 10 3560 switches with fibers connecting directly to the 6500.
I have Active Directory on a 2003 server, so I'm planning to map the usernames from this server to the ACS engine 4.1 for max security. And for creating VLANs, how do I go about it? It will be based on username mappings: if the guy from building 3 goes to building 1 or 2, he should be able to log on and work, but how is it mapped to the exact VLAN group?
Where should I create these VLAN groups? Is it in ACS 4.1?
So how can I start? I have not done any implementation like this, so if you can give some inputs that will be a great thing.
1) First of all, between the buildings, the connectivity should be on layer 2. What kind of circuits have you planned? If it is Ethernet, you need to run L2 trunks so that the VLAN information is propagated between the buildings. If there is no specific requirement, it's not really advisable to do this.
2) You can configure authentication for the user via the dot1x protocol. You can integrate the ACS with Active Directory to create a single sign-on for the user.
3) Upon authentication, you can also authorize the user and put him on the desired VLAN on the switch automatically. You need to configure the switch and ACS accordingly. RADIUS attributes 64, 65 & 81 need to be defined appropriately on the ACS. Have a look at the following URL for the config example:
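A check for the three tunnel attributes named in the reply above, as an added example that is not part of the original thread or of any Cisco tool: it parses the attribute section of a RADIUS Access-Accept and reports whether attributes 64, 65 and 81 carry a complete VLAN assignment (Tunnel-Type = VLAN (13), Tunnel-Medium-Type = 802 (6), Tunnel-Private-Group-ID = VLAN name or ID, per RFC 2868 and RFC 3580). The sample replies and the VLAN name `BUILDING2` are constructed for illustration.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # 13 = VLAN, 6 = IEEE 802


def parse_attributes(blob):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(blob):
        # Each attribute is type (1 octet), length (1 octet, counts itself), value.
        if pos + 2 > len(blob) or blob[pos + 1] < 2 or pos + blob[pos + 1] > len(blob):
            raise ValueError(f"malformed attribute at offset {pos}")
        a_type, a_len = blob[pos], blob[pos + 1]
        attrs.append((a_type, blob[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def vlan_assignment(blob):
    """Return (vlan, problems); vlan is None unless all three attributes are valid."""
    present, problems, vlan = set(), [], None
    for a_type, value in parse_attributes(blob):
        if a_type in EXPECTED:
            present.add(a_type)
            # Layout: 1-octet tag, then a 3-octet integer value.
            got = int.from_bytes(value[1:], "big") if len(value) == 4 else None
            if got != EXPECTED[a_type]:
                problems.append(f"attribute {a_type}: got {got}, want {EXPECTED[a_type]}")
        elif a_type == TUNNEL_PRIVATE_GROUP_ID:
            present.add(a_type)
            # A first octet of 0x00-0x1F is a tag; anything higher starts the string.
            text = value[1:] if value[:1] and value[0] <= 0x1F else value
            vlan = text.decode("ascii", "replace")
            if not vlan:
                problems.append("attribute 81: empty VLAN name/ID")
    problems += [f"attribute {t}: missing" for t in (64, 65, 81) if t not in present]
    return (None if problems else vlan), problems


def attr(a_type, value):
    """Build one constructed attribute for the sample replies below."""
    return bytes([a_type, len(value) + 2]) + value


# Constructed samples (not captured traffic): a complete reply and one lacking attribute 65.
GOOD = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"BUILDING2")
BAD = attr(64, b"\x00\x00\x00\x0d") + attr(81, b"BUILDING2")

if __name__ == "__main__":
    print(vlan_assignment(GOOD), vlan_assignment(BAD))
```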