HPE Community
Switches, Hubs, and Modems
1752590 Members
3500 Online
108788 Solutions
New Discussion юеВ

Re: dynamic vlans

 
Steve BRUNATO
Occasional Contributor

тАО09-22-2006 01:18 AM

тАО09-22-2006 01:18 AM

dynamic vlans

Hi,
Is it possible (HP2600 or HP5400) to dynamicaly affect vlan regarding the host's IP address ?
This is my problem : I have 1 network 192.168.1.xx/24 for most of users (DEFAULT_VLAN), 1 network 192.168.2.yy/24 for group 1 of automates (VLAN_2) and 1 network 192.168.3.zz/24 for group 2 of automates (VLAN_3). Is it possible NOT to statically affect ports of the switch i.e. I plug a machine anywhere and it goes on its own vlan according to its IP address ?
Next, I will have several switches...
Thanks.
0 Kudos
6 REPLIES 6
Mohieddin Kharnoub
Honored Contributor

тАО09-22-2006 03:53 AM

тАО09-22-2006 03:53 AM

Re: dynamic vlans

Hi

Yes its possible, by usuing one the the 802.1X advantages, which is Dynamic Vlans assignment.

What you need is an 802.1x aware switches (both 5400 and 2600 support it), and a RADIUS server.

Configuration is easy, once the user connect to any port on the switch, he has to authenticate, and once authentication done, the RADIUS server will pass this user's Vlan assignment with his privileges and attributes.

Read more about this in the following link, ch11 :
ftp://ftp.hp.com/pub/networking/software/3500_5400_6200_AccSecGde-July2006-59913828.pdf

Good Luck !!!
Science for Everyone
0 Kudos
Steve BRUNATO
Occasional Contributor

тАО09-24-2006 06:21 PM

тАО09-24-2006 06:21 PM

Re: dynamic vlans

Thank you for your answer.
If i have understood what you say, the user has to authenticate...
But what I need is to assign vlan regarding host's IP, nothing else... Is it possible on 5400 ?

Thanks
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО09-24-2006 06:34 PM

тАО09-24-2006 06:34 PM

Re: dynamic vlans

Hi

Let me ask you ? how can the switch knows who plugged in, so it can give him and IP address and a Vlan also.

You need something to recognize the person.

You can do MAC address authentication, but its a headache.

Lets say i connect my pc to a port of the 5400, the switch will direct my DHCP request to a proper DHCP server, and i get an IP, then what ????

Usually in Multiple Vlan situation, we try to get the Vlan of the user and send it along with the DHCP request to the DHCP server, where we have multiple scopes for each Vlan, then give the user a proper IP withing his vlan subnet.

With 802.1x, we authenticate the user, the get his Vlan along with an proper IP, but all done by an external authentication server and active directory.

Good Luck !!!
Science for Everyone
0 Kudos
Steve BRUNATO
Occasional Contributor

тАО09-25-2006 06:27 PM

тАО09-25-2006 06:27 PM

Re: dynamic vlans

I don't use DHCP... All my machines have static IP addresses, in their own network.
I have one network for standard PCs, another one for industrial machines, and so on...

In fact, DHCP will be used only for standard PCs (if possible)...

Is it possible without using 802.11x ? (industrial machines like 'Allen Bradley' automates don't authenticate on the network !!!)
0 Kudos
Matt Hobbs
Honored Contributor

тАО09-25-2006 06:44 PM

тАО09-25-2006 06:44 PM

Re: dynamic vlans

The only way I can think of doing this and keeping it simple is what was suggested above, using 802.1X and mac-address authentication.

When the client connects to a port, the switch will authenticate the client mac-address with the RADIUS server, which in turn will return the switch with the correct VLAN ID for that particular mac-address.
0 Kudos
OLARU Dan
Trusted Contributor

тАО10-05-2006 12:15 AM

тАО10-05-2006 12:15 AM

Re: dynamic vlans

Switches don't look inside the frame that contains the IP packets, so they by themselves can't do what you want them to do. You will need to change the port VLAN setting manually.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.