network design
15 years 11 months ago #28583
by ammadeyy
network design was created by ammadeyy
Core switch: Catalyst 3750
20 VLANs created.
Core switch acts as VTP domain
All other switches are VTP clients, connected as trunk
VLAN traffic is routed through access-list
Floor 10 Core Switch Catalyst 3750
Floor 9 Catalyst 2900
Floor 8 Catalyst 2900
Floor 7 Catalyst 2900
Floor 6 Catalyst 2900
Floor 5 Catalyst 2900
Floor 4 Catalyst 2900
Floor 3 Catalyst 2900
Floor 2 Catalyst 2900
Floor 1 Catalyst 2900
My requirements are:
1. User 1 is in VLAN 10; if he connects his laptop anywhere in the building, he should be in VLAN 10
2. If User 1 finds the administrator password and changes his IP to a VLAN 20 IP, he should NOT be able to access VLAN 20, or the switch should block his MAC
What's the easiest way to do this, using the above switches?
15 years 11 months ago #28601
by valkyrnash
Replied by valkyrnash on topic Re: network design
Let's take first things first. Your 1st requirement:
"User 1 in vlan 10, if he connects his laptop anywhere in the building he should be at vlan 10"
To do this, it is my understanding that you would need a VLAN Membership Policy Server (VMPS), which can be run on a Catalyst 4500 or 6500. As you don't have any VMPS-capable switches, it looks like you won't be able to meet this requirement... or you could set up a 3rd party on FreeNAC.
If you do set up a VMPS, and he changes his IP, he won't be able to communicate with any devices, as either his IP will be out of the range of his default gateway, or his self-assigned gateway will mismatch that which the switch is giving him via the VMPS/VTP/VLAN (i.e., the switch will still assign him VLAN 10).
If there is another way, I'd be interested...
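The behaviour described in the reply above, as an added sketch that is not part of the original thread: the VLAN is chosen from the MAC address alone, so a self-assigned IP or gateway from another VLAN leaves the host isolated in its own VLAN. The MAC table format, addresses, subnets and function names are constructed for illustration, and the model is simplified (no proxy ARP, no fallback VLAN).

```python
import ipaddress

# Constructed sample data: a MAC-to-VLAN table in the spirit of a VMPS
# database, plus per-VLAN subnets and gateways. None of it is from the thread.
MAC_TABLE = """
# mac               vlan
0011.2233.4455      10
00aa.bbcc.ddee      20
"""
VLANS = {
    10: {"subnet": "192.168.10.0/24", "gateway": "192.168.10.1"},
    20: {"subnet": "192.168.20.0/24", "gateway": "192.168.20.1"},
}

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def load_table(text):
    """Parse 'mac vlan' lines, ignoring blanks and # comments."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mac, vlan = line.split()
            table[normalize_mac(mac)] = int(vlan)
    return table

def assign_vlan(table, mac):
    """VLAN for the access port, keyed on MAC only; None if there is no entry."""
    return table.get(normalize_mac(mac))

def connectivity(table, mac, ip, gateway):
    """Outcome for a host that picks its own IP and gateway."""
    vlan = assign_vlan(table, mac)
    if vlan is None:
        return "denied: unknown MAC"
    net = VLANS[vlan]
    # The port stays in the MAC's VLAN whatever IP the host configures.
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(net["subnet"]):
        return f"isolated: in VLAN {vlan}, IP outside {net['subnet']}"
    # Only this VLAN's gateway exists in its broadcast domain.
    if gateway != net["gateway"]:
        return f"isolated: in VLAN {vlan}, gateway {gateway} not present"
    return f"ok: VLAN {vlan}"
```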