Solved

How can I configure a Dynamic Vlan (mac address authentication)?

Posted on 2010-09-01
6
979 Views
Last Modified: 2012-06-27
I have a 3com 2950 switch, and want to find a way to configure dynamic Vlan with mac address authentication.
Reading some articles, I realized that it's possible to do with VMPS, but only on Cisco equipment, right?
Is there a way to do that with 802.1x protocol ?
The point is  that I have a lot of desktops/laptops in different VLANs that sometimes moves from location to location within the office and I need them to be always in the same VLAN.

Regards..
0
Comment
Question by:AdmHT
  • 3
  • 3
6 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 100 total points
ID: 33619950
Yes, VMPS is a Cisco feature.  You are correct that 802.1X has the capability of setting the VLAN but it's unclear whether that's supported on the switch you mention.  I've never worked with 3Com switches, but I don't see a 2950 model listed, so either that's a typo or it's an old switch, in which case it may be less likely it supports 802.1X.

My experience with 802.1X is somewhat limited, but I will say from what I understand the "free" supplicants are sometimes less than the best, so in the long run an 802.1X solution that's really manageable may not be exactly free.  I had a customer that piloted 802.1X on the basis that it was "free" and found he was averaging 7 or 8 trouble tickets per day (out of ~1,000 users) on 802.1X connectivity issues.  I believe he gave up after about 3 months of trying to work with it.

Or you could buy a few Cisco switches instead and then you'd be OK for VMPS.  Your third option is some kind of NAC solution that would accomplish much the same thing, but that would be another non-free solution.

Sorry this probably isn't as helpful as you'd like.  You don't mention how many users you're dealing with or how many switches, but if it were me, I'd be trying to figure out how to get an upgrade to the switch infrastructure approved and funded.  How much time do you spend managing the VLAN assignments, and therefore what would be saved by having an automated solution?
0
 

Author Comment

by:AdmHT
ID: 33630518
jmeggers: thanks for your comment...

      Just to correct the model I had mentioned before: 3Com Baseline Switch 2952-SFP Plus. I checked, and it supports 802.1x.
      We have around 100/120 users in the office, and for now we don't intend to buy new equipment...


Regards


      
      
0
 
LVL 18

Expert Comment

by:jmeggers
ID: 33632911
I say try the 802.1X route, then.  Seems to me that's your best option.  Just be prepared to field some "I can't connect to the network calls" but with only 100 or so users hopefully it won't be too bad.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:AdmHT
ID: 33705644
Is this the only option?
0
 
LVL 18

Expert Comment

by:jmeggers
ID: 33711038
You stated you don't intend to buy new equipment, so the 802.1X approach is the only one I can think of that doesn't involve an additional investment in something, either replacing switches or purchasing a complete NAC solution that will do the VLAN assignment for you.  Even with 802.1X, you could purchase a supplicant that you might find to be more manageable than the built-in Windows supplicant (e.g. Cisco's Secure Services Client or Juniper's Odyssey Access Client), but you don't have to.  I gather the Windows supplicants have gotten better, but I haven't worked with them recently.
0
 

Author Closing Comment

by:AdmHT
ID: 33737876
it´s not conclusive but we will look further.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now