
Help with 802.1x and trunk for 5304xl w/ 2800's

Occasional Visitor

Howdy. First I'd like to say I'm a programmer not a network guy so I apologize in advance should I say something nonsensical. With that said...

I've a 5304xl w/ two 16-port Gig modules that I will be using as the backbone/core switch for my network. I then have one 2824 and two 2824's that I will be using for edge switches. All closets are well within 300ft of the 5304xl so I'll be using three runs of Cat6 per switch for trunks (LACP).

There will be four static VLANs set up on each switch (servers, printers, users, guests). Routing between VLANs will be handled by the 5304xl (L3). Port authentication (802.1x w/ Radius) will be set up on the edge switch ports where the workstation drops will be patched to.

The questions:
- It looks like the trunks between the 2800's and the 5304xl will need to be tagged members of all VLANs. Any issue in doing VLAN trunking with on switch trunks?
- Network is a hub-spoke design (or star, whatever it's called nowadays). I'm planning on doing 3 LACP trunks from each switch to the core. Is there something else I should consider? Meshing perhaps?
- Port authentication (802.1x) will only be used on the edge switches (2800's). I'm assuming then config changes regarding 802.1x will only take place on the 2800's and I will not have to worry about twiddling with the 5304xl, correct?

Thanks for any help on this.
Kell van Daal
Respected Contributor

Re: Help with 802.1x and trunk for 5304xl w/ 2800's


For a programmer, you still make sense ;)

The answers:

- You will need to use static trunks instead of dynamic trunks. This is because you can't tag/untag dyn interfaces (which are auto created by LACP). The static trunks create trk interfaces, which can be tagged/untagged for different VLANs. If you really want/need dynamic trunks, look at GVRP.

- In your design, trunks are sufficient. Meshing would only create advantages if there are redundant (non-trunk) connections between the switches. Meshing is an alternative for STP, not trunking.

- You are right about this statement. All 802.1X configuration needs to be done on the 2800's (and the clients, and a RADIUS server as a minimum).

Hope this helped.
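
The layout discussed in this thread, sketched as a ProCurve CLI fragment. This is an added example, not configuration posted by either participant. The port ranges, VLAN IDs, trunk name, RADIUS address and key are constructed placeholders, and the `;` lines are annotations.

```text
; ---- 2824 edge switch (constructed values) ----
; Static LACP trunk: ports 22-24 become interface Trk1, which can
; carry VLAN tags (a dynamic LACP "Dyn" interface cannot).
trunk 22-24 trk1 lacp

; Four static VLANs, all tagged on the uplink trunk.
vlan 10 name "servers"
vlan 10 tagged trk1
vlan 20 name "printers"
vlan 20 tagged trk1
vlan 30 name "users"
vlan 30 tagged trk1
vlan 40 name "guests"
vlan 40 tagged trk1

; 802.1X on the workstation drops only (ports 1-21 here).
; The trunk member ports 22-24 are left out of the authenticator
; list so the uplink to the core is never blocked pending auth.
radius-server host 192.0.2.10 key REPLACE_WITH_SHARED_SECRET
aaa authentication port-access eap-radius
aaa port-access authenticator 1-21
aaa port-access authenticator active

; ---- 5304xl core (one trunk shown; repeat per edge switch) ----
; Same static LACP trunk type on the far end, same tagged VLANs.
; No 802.1X configuration is needed here.
trunk A1-A3 trk1 lacp
vlan 10 tagged trk1
vlan 20 tagged trk1
vlan 30 tagged trk1
vlan 40 tagged trk1

; ---- checks after applying ----
; show trunks
; show lacp
; show vlans 30
; show port-access authenticator
```

Both ends of each trunk must use the same trunk type, and any edge port left out of the authenticator range stays open without authentication, so the range should cover every patched workstation drop.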