[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1014
  • Last Modified:

How can I configure a Dynamic Vlan (mac address authentication)?

I have a 3com 2950 switch, and want to find a way to configure dynamic Vlan with mac address authentication.
Reading some articles, I realized that it's possible to do with VMPS, but only on Cisco equipment, right?
Is there a way to do that with 802.1x protocol ?
The point is  that I have a lot of desktops/laptops in different VLANs that sometimes moves from location to location within the office and I need them to be always in the same VLAN.

Regards..
0
AdmHT
Asked:
AdmHT
  • 3
  • 3
1 Solution
 
jmeggersSr. Network and Security EngineerCommented:
Yes, VMPS is a Cisco feature.  You are correct that 802.1X has the capability of setting the VLAN but it's unclear whether that's supported on the switch you mention.  I've never worked with 3Com switches, but I don't see a 2950 model listed, so either that's a typo or it's an old switch, in which case it may be less likely it supports 802.1X.

My experience with 802.1X is somewhat limited, but I will say from what I understand the "free" supplicants are sometimes less than the best, so in the long run an 802.1X solution that's really manageable may not be exactly free.  I had a customer that piloted 802.1X on the basis that it was "free" and found he was averaging 7 or 8 trouble tickets per day (out of ~1,000 users) on 802.1X connectivity issues.  I believe he gave up after about 3 months of trying to work with it.

Or you could buy a few Cisco switches instead and then you'd be OK for VMPS.  Your third option is some kind of NAC solution that would accomplish much the same thing, but that would be another non-free solution.

Sorry this probably isn't as helpful as you'd like.  You don't mention how many users you're dealing with or how many switches, but if it were me, I'd be trying to figure out how to get an upgrade to the switch infrastructure approved and funded.  How much time do you spend managing the VLAN assignments, and therefore what would be saved by having an automated solution?
0
 
AdmHTAuthor Commented:
jmeggers: thanks for your comment...

      Just to correct the model I had mentioned before: 3Com Baseline Switch 2952-SFP Plus. I checked, and it supports 802.1x.
      We have around 100/120 users in the office, and for now we don't intend to buy new equipment...


Regards


      
      
0
 
jmeggersSr. Network and Security EngineerCommented:
I say try the 802.1X route, then.  Seems to me that's your best option.  Just be prepared to field some "I can't connect to the network calls" but with only 100 or so users hopefully it won't be too bad.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
AdmHTAuthor Commented:
Is this the only option?
0
 
jmeggersSr. Network and Security EngineerCommented:
You stated you don't intend to buy new equipment, so the 802.1X approach is the only one I can think of that doesn't involve an additional investment in something, either replacing switches or purchasing a complete NAC solution that will do the VLAN assignment for you.  Even with 802.1X, you could purchase a supplicant that you might find to be more manageable than the built-in Windows supplicant (e.g. Cisco's Secure Services Client or Juniper's Odyssey Access Client), but you don't have to.  I gather the Windows supplicants have gotten better, but I haven't worked with them recently.
0
 
AdmHTAuthor Commented:
it´s not conclusive but we will look further.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now