Comware

 View Only

  • 1.  Port Based VLAN or MAC Based VLAN Configuration

    Posted May 20, 2007 11:00 PM
    Hi All,

    Can anyone help how to do port based VLAN or MAC based VLAN.


    Senario:

    1. Total 3 floors

    2. HP 2510 Switches.

    3. Each floor 3 vlans


    Now my question is if 1st floor user goes and connect the port in 3rd floor he has to get his VLAN.

    Example:

    User name : John
    Department : Sales
    Floor : 1st Floor
    Port : 3
    VLAN ID : VLAN 10


    Now if john goes to 2nd or 3rd floor he has to get the same vlan where he belongs to like VLAN 10..

    Can any one help me how to configure this ..


    1. Need to configure port based VLAN or
    2. Need to configure MAC based VLAN


    Regards

    Network Nazzzz.....



  • 2.  RE: Port Based VLAN or MAC Based VLAN Configuration

    Posted May 21, 2007 02:02 PM
    802.1x authentication with dynamic VLAN will do the trick. you need a Radius server and a client which supports 802.1x.

    If you have newer switches like 2600, 3500, 5400 they also can do device authentication based on MAC address (MAC-auth)

    If you want to achieve granular control over what when where the Identity Driven Manager is the perfect tool to configure your radius server.

    Some reading:
    http://www.hp.com/rnd/training/technical/IDM2.0.htm

    http://www.hp.com/rnd/pdfs/guest_vlan_paper.pdf

    I know this is a very short answer, but this is the direction you need to consider.


  • 3.  RE: Port Based VLAN or MAC Based VLAN Configuration

    Posted May 22, 2007 08:59 AM
    That answer, like with any good design, is "it depends".

    The traditional VLAN scheme is port-based. It's the simplest to implement and maintain. In your scenario above, if John was on the first floor, he'd be in VLAN 10. If John moved upstairs and connected to a seperate switch, he'd be in VLAN 20. Port-based VLAN is almost always geography based; switch X is on the 1st floor in VLAN 10, so everyone on the first floor is VLAN 10. This is somwhat implied by your statement that "each floor has 3 VLANs."

    However, if there are requirements that individuals or devices must be segregated reguardless of location, you need to move to MAC-based VLANs. Say that user John must ALWAYS be in VLAN 10 no matter what floor he is on.

    In this case, your statement that "each floor as 3 VLANs" does not really apply, because, depending on who is sitting where on a particular day, you could have all 9 VLANs active on a single floor, or even a single switch. All of your switches and ports must be potential members of all 9 of the VLANs. Then the VLAN membership of each port must be assigned based on the MAC address of the end device. Sietze posted a brief description of 802.1x, and how it can be used, along with some applications, to dynamically assign the VLAN based on a variety of criteria, including the end user ID.


  • 4.  RE: Port Based VLAN or MAC Based VLAN Configuration

    Posted Jun 05, 2007 12:29 AM
    Can someone help.
    I'm trying to implemnt VLANs (on a Procurve 2900). The VLANs will correspond to different subnets 10.39.1.x, 10.39.2.x, 10.39.3.x, etc
    When I plug 2 PC's into the switch and give them different static IP addresses in each subnet - they cannot communicate. How do you configure the switch to route between the two subnets?


Related Content