RE: Vlan Assignment - Static

Joe,

I haven't messed with VMPS and I made an assumption about the engagement size,
which I probably shouldn't :). Anyhow, from what I can tell you, you need at
a minimum a 4000 series switch to pull this off. 802.1x information can be
implemented down to a 2950

Here are some basic notes I found:

Notes:

1. The VMPS is not supported on the Cisco Catalyst 2950.

2. The Cisco Catalyst 3550 and 3548 only support the VMPS client. High-end
switches such as the Catalyst 6000/6500 switches can be a VMPS server.

3. A PC cannot be configured to be a VMPS server.
http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_a_Cisco_Cata
lyst_switch_as_a_VMPS

I guess it works fine for MAC to VLAN mapping, but seems pretty basic in its
flexibility. Oh well, learn something new everyday.

-ryan

From: Joe Astorino [mailto:jastorino_at_ipexpert.com]
Sent: Friday, September 04, 2009 1:18 PM
To: Ryan West
Cc: Nauman Habib; George Tosh; Cisco certification
Subject: Re: Vlan Assignment - Static

You could do dynamic VLAN allocation with a VMPS server as Rich said. That is
pretty much what it was built for.
On Fri, Sep 4, 2009 at 8:46 AM, Ryan West
<rwest_at_zyedge.com<mailto:rwest_at_zyedge.com>> wrote:
Nauman,

I'm not sure what else to tell you. Anything that has to identify a user and
assign them to a particular VLAN requires at the very least cooperation from
the switch and a device to perform the identity verification. 802.1x is an
open standard and supported in modern operating systems and switches.

You can pull off what you want with a 2950, a desktop, and a Windows domain.
You could look at NAC, but that is a huge ball of CF :)

You mentioned wireless with a specific SSID. Using the same 802.1x supplicant
information for wireless, you can actually use the same SSID for all users and
map individual users / groups to particular VLANs. I think you should
consider 802.1x again, the mainstream support for it is there. Granted you
may have to extend your schema a little, but I think that's better than having
a redirected web page, a fat client, or some XAUTH extension. You want
security to be effective, but not cumbersome.

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
[mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On Behalf Of
Nauman Habib
Sent: Friday, September 04, 2009 7:10 AM
To: George Tosh
Cc: Cisco certification
Subject: Re: Vlan Assignment - Static

Thanks all ,

802.1x will recquire a Radius server ( ACS ) and compatibility of Lan
Cards and switchs in the network

Is they any alternative to 802.1x ??

If there is a better way - as Gerge Tosh mention - what could it be ?

Regards

Nauman

On Fri, Sep 4, 2009 at 12:38 AM, George Tosh
<gtosh_at_aeneas.net<mailto:gtosh_at_aeneas.net>> wrote:

> I'm sure there is a better way to do this, however you might try 802.1x
> auth
> with vlan assignment.
>
> http://www.ciscopress.com/articles/article.asp?p=29600&seqNum=3
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>
[mailto:nobody_at_groupstudy.com<mailto:nobody_at_groupstudy.com>] On Behalf Of
> Nauman Habib
> Sent: Thursday, September 03, 2009 4:26 PM
> To: Cisco certification
> Subject: Vlan Assignment - Static
>
> Dear Experts,
>
> I am looking for a solution in reply to a scenario :
>
> The Client want a VIP user to get a IP from the same VLAN - always - we can
> say it as VIP VLAN
>
> which will be having special Bandwidth allocation and privileges
>
> What are the possible ways that this can be achieved ???
>
> I Know its quite feasible for the WIRELESS user's to have a dedicated VIP
> SSID - connecting to that VIP VLAN
>
> but if the user is moving his laptop from one physical ethernet port to the
> other - What is the possible solution
>
> Thank in advance.
>
> Regards,
>
> Nauman
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
Regards,
Nauman
Blogs and organic groups at http://www.ccie.net