Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vlans based on user name maping doubts

Dear all,

my scenario is like i've 4 buildings within a campus.building 1 is where i'm going to place my core 6500 and rest 3 building ive 200 users each. total 600 user's in these 3 buliding.my aim is to create vlans, like building 2 will be another vlan so incase if the guy from building 2 comes to building 3 then also he should get access, like by maping the username he should go to the vlan group. i'm not clear like how do i start and from where should i start.

in this scenario in each these building ive 10 3560 switches with fibers connecting directly to 6500.

i've active directory in 2003 server, so im planing to map the user names from this server to acs engine 4.1 for max security. and creating vlans how do i go abt it, it will be based on user name mapings the guy from building 3 goes to building 1 or 2 he should be able to logon and work but how it is maping to the exact vlan group.

wher should i create this vlan groups is it in ACs4.1 ?

so how can i start with, ive not dome any implementation like this so if you can give some inputs that wil lbe a great thing.

i wil rate all the posts.

Binoy

1 REPLY

Re: vlans based on user name maping doubts

Hello binoy,

You need to do the following:

1) first of all, between the buildings, the connectivity should be on layer 2... what kind of circuits have you planned.. if it is ethernet, you need to run L2 trunks, so that the VLAN information is propogated between the buildings .... if specific requirement is not there, its not really advisible to do this....

2) you can configure authentication for the user via dot1x protocol. u can integrate the ACS with the active directory to create a single sign on for the user...

3) upon authenticationn, u can also authorize the user and put him on the desired VLAN on the switch automatically.. u need to configure the switch and ACS accordingly.. radius attributes 64,65 & 81 need to be defined appropriately on the ACS.. have a look at the following URL for the config example:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d11a4.shtml

4) on the switches , point to the appropriate radius server... once u have done this, ur setup should work...

hope this helps.. all the best. rate replies if found useful..

Raj

83
Views
0
Helpful
1
Replies
CreatePlease login to create content