Hello all,
I've studied the installation and administration guides in depth now,
and I think I have a pretty good understanding of how this VLAN
isolation stuff works. That being said, I have a few questions.
Currently my network is 10.232.0.0/22, in VLAN 1 (native) When my new
cisco catalyst 3750's arrive, I would like to separate this into four
(4) /24 networks.
10.232.0.0/24 - VLAN 10 (DHCP will be here)
10.232.1.0/24 - VLAN 11 (ip helper)
10.232.2.0/24 - VLAN 12 (ip helper)
10.232.3.0/24 - VLAN 13 (ip helper)
I'm hoping to have the switch ports VLAN id's being dynamically assigned
via 802.1x mac-authentication.
My First question is, when a new device is connected, and it's placed in
the "mac detection" vlan, vlan 4 in the example in the guide, assuming
I'm using linkup/down and mac-notification. Which vlan should it then
be placed into once it's determined that the device has already been
registered. VLAN 10, where the DHCP server is, or VLAN 1?
Or is the whole mac-detection registration setup a redundant effort once
802.1x mac-authentication is in place? Can packetfence somehow be used
to take the place of 802.1x mac-authentication. My ultimate goal is to
not allow any unauthorized MAC addresses on any of my four (4) 'regular'
vlan's
My second question is, what happens if there is a mini-hub at the end of
one of these switch ports. As of right now, mini hubs are not something
we've disallowed on our network. Since the minihub will be keeping the
switchport "up", there will never be a snmp trap generated when another
device is connected to the same minihub.
___________________________________________
Brett
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
