Wireless Networks Thread, Raidus Based Vlans in Technical; Hey Everyone!
27th July 2013, 08:46 PM #1
Raidus Based Vlans
Just wondering if anyone has implemented RADIUS based VLANs on their organisation/school, be very interested in how you did it!
Tom (wow, it turned out I cannot spell Radius - sorry all!)
Last edited by Speedydowt; 27th July 2013 at 08:54 PM.
27th July 2013, 09:19 PM #2
Yup, been running them for 5+ years here. We have IAS set up with a bunch of rules, the core switch (HP 5406zl) talks with that, and all the ports across the network are set to use aaa port-based mac address auth. Then, in our AD we have a username for each MAC address that's allowed on, and groups which match up with the IAS rules for each vlan.
Some devices do not like this though (printers mostly) and have their vlan set statically on the switches.
I'm pondering moving as much as I can over to 802.1x based auth though, using login names etc... We've started the move for Wi-Fi already.
27th July 2013, 09:23 PM #3
This is awesome localzuk, how are you finding the 802.1x based vlans through wifi? Must be annoying to set up!
27th July 2013, 09:49 PM #4
It works OK, the details are set by GPO for our Windows 7 laptops. We're using a single vlan with multiple SSIDs at the moment but later this summer we're moving to 3 vlans. One which will be dedicated to 802.1x.
The other 2 will be for guests and for non-802.1x devices but authenticated by the proxy.
27th July 2013, 10:13 PM #5
No idea what is there now, but for a number of years (with XP, Vista, 7, OS X, printers) I ran an entirely RADIUS vlan assigned network, wired and wireless. I combined this with the 5400 ACLs to have different server vlans available to different clients.
All procurve with 802.1x for domain machine vlan assignment, MAC auth for printers and devices that don't support 802.1x and Apple machines (although now they have better 802.1x iirc). It worked pretty well, non auth machines ended up in an unauthenticated VLAN that only had WDS/mac imaging and domain join facilities. Gets around multicast on vlans with WDS as they all drop into the unauthenticated when network booting!
Still some issues with Windows 7 not holding netlogon for the auth, but it works nearly all the time.
Only ever defeated by a phone system that had to have static vlan assignment, it was very quiet, never sent any traffic out when you plugged it into the network - no MAC gets seen for the switch to authenticate!
28th July 2013, 02:45 PM #6
It's really great that you guys actually have this set up, makes me see the "light at the end of the tunnel". Thanks very much for your insight!
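The setups described in this thread (a directory group per VLAN, MAC auth for devices without 802.1x, and an unauthenticated VLAN as fallback) come down to the RADIUS server returning three tunnel attributes in its Access-Accept, as defined in RFC 2868 and RFC 3580. The sketch below is an added example, not code from any poster or from IAS; the group names, VLAN IDs and directory entries are constructed assumptions.

```python
import struct

# RADIUS attribute types (RFC 2868) and the values RFC 3580 uses for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type = IEEE-802

# Constructed sample policy: directory group -> VLAN ID (names and IDs are assumptions)
GROUP_TO_VLAN = {"vlan-staff": 10, "vlan-students": 20, "vlan-printers": 30}
UNAUTH_VLAN = 99  # restricted VLAN (imaging / domain join only), assumed ID
# Constructed directory: one account per allowed MAC, plus ordinary user accounts
SAMPLE_DIRECTORY = {
    "001b63aabbcc": ["vlan-printers"],
    "jsmith": ["domain users", "vlan-staff"],
}


def normalise_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, or None."""
    digits = "".join(c for c in mac.lower() if c not in ":-. ")
    if len(digits) == 12 and all(c in "0123456789abcdef" for c in digits):
        return digits
    return None


def choose_vlan(identity, directory):
    """Return the VLAN for a user name or MAC; unknown identities get UNAUTH_VLAN."""
    key = normalise_mac(identity) or identity.lower()
    for group in directory.get(key, []):
        if group in GROUP_TO_VLAN:
            return GROUP_TO_VLAN[group]
    return UNAUTH_VLAN


def vlan_attributes(vlan_id, tag=0):
    """Encode the three tunnel attributes as RADIUS TLVs (type, length, value)."""
    if not 1 <= vlan_id <= 4094 or not 0 <= tag <= 0x1F:
        raise ValueError("VLAN ID or tag out of range")
    def tlv(attr_type, value):
        return struct.pack("!BB", attr_type, len(value) + 2) + value
    # Tunnel-Type and Tunnel-Medium-Type: 1 tag byte followed by a 3-byte integer
    t_type = tlv(TUNNEL_TYPE, bytes([tag]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
    t_medium = tlv(TUNNEL_MEDIUM_TYPE, bytes([tag]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big"))
    # Tunnel-Private-Group-ID: VLAN ID as an ASCII string; tag byte only when non-zero
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return t_type + t_medium + tlv(TUNNEL_PRIVATE_GROUP_ID, group)
```

A MAC address is an identifier the client supplies rather than a credential, so groups reached by MAC auth are best mapped to VLANs with narrow ACLs.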