Re: Fw: 3550 - guest vlan's

From: ccie2be (ccie2be@nyc.rr.com)
Date: Wed Dec 22 2004 - 06:36:53 GMT-3


Thanks John for getting back to me.

So, from a functionality point of view

guest vlan = regular vlan w/o 802.1x authen

Is that equation true?

And, if it is, what's the point?

Thanks, Tim

----- Original Message -----
From: "John Wong" <johnwk@unimelb.edu.au>
To: "ccie2be" <ccie2be@nyc.rr.com>
Cc: "Group Study" <ccielab@groupstudy.com>
Sent: Wednesday, December 22, 2004 1:11 AM
Subject: Re: Fw: 3550 - guest vlan's

> Tim,
>
> From what I understand, the Guest VLAN should be restricted by some other
> means (i.e. Firewalls, ACLs, etc...) such that the "guests" are restricted
> in what resources/services they can access. e.g. guests are redirected to
> a webserver which contains information or files required to enable 802.1x
> if they need Internet access, etc.. Only authenticated users should be
> given full/more access to resources.
>
> Cheers!
>
> ccie2be wrote:
> > Hi guys,
> >
> > When you configure a vlan to be a guest vlan for hosts that aren't 802.1x
> > compliant, are there, by default, any restrictions on what traffic the
> > port will pass?
> >
> > From what I can tell from the documentation, a guest vlan is like any
> > other vlan except non 802.1x compliant hosts don't have to authenticate.
> > But, what makes no sense to me is, if a non 802.1x host is connected to a
> > port, why make that port require dot1x authentication in the first place?
> >
> > To me, it seems like first you're requiring 802.1x authentication for a
> > port and then with the guest vlan you're not requiring 802.1x for that
> > same port.
> >
> > Maybe I'm the dumb one here, but this seems pretty stupid. So, I'm hoping
> > someone can explain why this isn't actually as stupid as it seems.
> >
> > Also, if anyone knows of any white papers or case studies that explain or
> > provide examples of how to make practical use of this feature, could you
> > provide a link?
> >
> > Thanks a lot, Tim
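
The design John describes (an 802.1X port that drops non-supplicant hosts into a guest VLAN which is itself filtered), sketched as an added configuration example that is not part of the original thread. VLAN numbers, addresses, the ACL name and the RADIUS key are constructed placeholders, and the syntax assumes a Catalyst 3550 IOS release that supports the guest VLAN feature; check it against the release in use.

```cisco
! Added example, not from the thread. All numbers, names and addresses
! below are constructed placeholders.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 key <RADIUS-KEY>
!
vlan 10
 name USERS
vlan 99
 name GUEST
!
! Access port: 802.1X is required. A host that never answers the
! switch's EAPOL identity requests (no supplicant) is placed in VLAN 99
! instead of being left with no connectivity at all.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto
 dot1x guest-vlan 99
 spanning-tree portfast
!
! The guest VLAN carries no restrictions of its own, so the filtering
! is applied where VLAN 99 is routed. Guests get DHCP, DNS and one web
! server (the page explaining how to enable 802.1X); everything else
! is dropped and logged.
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 permit udp any host 192.0.2.53 eq domain
 permit tcp any host 192.0.2.80 eq www
 deny   ip any any log
!
interface Vlan99
 ip address 10.99.0.1 255.255.255.0
 ip access-group GUEST-IN in
```

With this in place the same port gives an authenticated user VLAN 10 and gives a host without a supplicant only the filtered VLAN 99, which is the difference between a guest VLAN and a port with 802.1X simply turned off.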



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:29 GMT-3