They are talking about using sticky-mac if they can't figure this out and I cringe at the thought of all the help desk issues that is going to cause. I'm thinking the way they have this network set up is not a supported way to accomplish this, but I need to know for sure. The environment is all Cisco 3750X switches with Server 2012 R2 for NPS and DHCP. If there is a way to do this I would appreciate a nudge in the right direction. (DHCP is installed on the NPS server)Įverything I have found online about 802.1x VLAN assignment suggests that you can assign a VLAN during authentication, but I haven't found anything that would help me tell the server which DHCP scope to lease addresses from based on how the port is already tagged on the switch. A user on the 3rd floor connects to a port tagged for VLAN 720, they authenticate through NPS and then receive an IP address from 700. So for instance, VLAN 700 is the 2nd floor VLAN. With dot1x authentication enabled all users are leasing an IP address from the first DHCP pool regardless of how the port is tagged. I have a client who's network is divided (with VLANs) by floor in their building.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |