01-10-2007 03:53 AM - edited 03-05-2019 01:42 PM
Hello everyone. I am trying to do this task. I am working in a network which is class A. We already have a scope which every user in the company can access with their user name and password, and then they have access to some resources. We manage this with Active Directory. I need to allow external users such as auditors to have access only to the internet when they connect their laptops to a network point. I don't know how to do it. I think I have to create a new scope and authorize it in Active Directory. Also, do you know if I have to modify something in the switches?
Any suggestions and previous experience with this task are welcome.
If you need more information just tell me.
Thanks
01-10-2007 10:23 PM
Hello Wladimir,
The best thing you can do here is to implement dot1x with guest-vlan (if your switch supports it). Which switches do you have? When you enable dot1x, you can have the guests go to a guest VLAN automatically, and you can configure a separate DHCP scope for them. Once they get this IP, make sure they access only the internet, by putting the right VLAN access-lists in place or limiting on the firewall. You can see this URL for more info on dot1x:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d11a4.shtml
If not on dot1x, you need to manually create a guest VLAN and define it on the interfaces. When they plug in their laptop, they automatically get the IP address and get connected to the internet.
Hope this helps. All the best. Rate replies if found useful.
Raj
01-10-2007 10:42 PM
Thanks for your answer.
I will check if the switches can support that. We have a Cisco 3750 and the others are 2100 series.
Wladimir
01-10-2007 11:16 PM
The 3750 will support almost all the features. 2100? Really not sure. But the basic idea is what I told you before: either configure dot1x or manually configure the VLAN and isolate a separate scope on the DHCP server.
Hope this helps. Rate replies if found useful.
Raj
01-10-2007 11:33 PM
Hi Raj,
I found that the 3750 is connected in a centralized way with the others, so in this case I could apply a VLAN. If I create it, do I have to configure a separate scope in the DHCP server?
Thanks
01-11-2007 12:19 AM
Wladimir,
If you need to allocate automatic IP addresses for these clients, you need to create another separate scope on the DHCP server. There is no other way. If you can maintain static IPs, which is not recommended, you need not create the scope on the DHCP server. Once you have a separate VLAN with a separate subnet, you can route that subnet only onto the internet and keep it separate from other subnets on your local network.
Hope this helps. All the best. Rate replies if found useful.
Raj
01-11-2007 05:34 AM
Hi,
I don't know which VLAN I have to create. I am between private VLAN and ISL or IEEE802.1x. If the answer is IEEE802.1x, do I have to activate VTP? I already read that many people had troubles with it.
Thanks
01-15-2007 02:47 AM
Hi,
I have a doubt: if I need to create the VLAN for 50 users, how many do I have to create?
Thanks
Wladimir
01-15-2007 03:41 AM
Hi
You need to create just one VLAN, but you need to configure the individual ports which will be used by the users in the VLAN which you have created.
Thanks
Mahmood
01-15-2007 04:17 AM
Hi,
Do I need to configure it in the core switch, if I am running with VTP? Or do I need to do it in all the access switches?
Thanks
Wladimir
01-15-2007 04:52 AM
Hi
Just create the VLAN on the VTP server; it will be propagated to the clients automatically.
Thanks
Mahmood
01-15-2007 04:10 PM
Hello Wladimir,
If you run VTP, you need not configure the VLANs on the access switches if they are configured as VTP clients. In case you have them as transparent, you might have to configure the VLAN locally on the access switch.
Are you able to set the VLANs now? Do you have any more queries with regard to this?
Raj
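The setup discussed in this thread (802.1X with a guest VLAN, or a statically assigned guest VLAN, plus a separate DHCP scope and an internet-only access list), written out as an added example that is not from any of the posters. It assumes a Catalyst 3750-class IOS switch doing the routing; the VLAN IDs, interface names, addresses and ACL name are all constructed, and the internal network is assumed to be 10.0.0.0/8.

```cisco
! Added example: all VLAN IDs, interface names and addresses are constructed.
! Assumes internal network 10.0.0.0/8, guest subnet 192.168.50.0/24 (VLAN 50).
aaa new-model
aaa authentication dot1x default group radius
radius-server host 10.1.1.20 auth-port 1812 acct-port 1813 key <RADIUS-SHARED-SECRET>
dot1x system-auth-control
ip routing
!
! With VTP, create the VLAN on the VTP server (or locally if transparent).
vlan 50
 name GUEST
!
! Option 1: 802.1X port. Clients with no supplicant land in the guest VLAN.
interface FastEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto
 dot1x guest-vlan 50
 spanning-tree portfast
!
! Option 2 (no 802.1X): port statically assigned to the guest VLAN.
interface FastEthernet1/0/11
 switchport mode access
 switchport access vlan 50
 spanning-tree portfast
!
! Internet-only policy: allow DHCP, block every internal range, allow the rest.
ip access-list extended GUEST-INTERNET-ONLY
 permit udp any eq bootpc any eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
! Guest gateway; DHCP requests are relayed to the server holding the guest scope.
interface Vlan50
 ip address 192.168.50.1 255.255.255.0
 ip helper-address 10.1.1.10
 ip access-group GUEST-INTERNET-ONLY in
```

The guest DHCP scope has to hand out a DNS resolver that this ACL lets guests reach; if the resolver is internal, add a specific `permit` for it above the `deny` lines. From a guest laptop, confirm that internal addresses are unreachable before handing out ports.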