As a designer and implentation engineer for networks across numerious Education sites I am often asked to implement more secure (or just simple) methods of VLAN assignments. (Especially as converged wireless solutions become more and more prevelant). I have now standardised on a 2003 IAS / AD solution that uses the clients AD login as the primary method to determin which VLAN to assign the port to. (The solution obviously can also assign guest access, MAC address assignment for VLAN etc as well as QoS assignment based on login).

My question however is this. From your considerable EduGeek experience would this be "your" prefered method of VLAN assignment/Security or do you think there is a better way / angle I should approach this from.

Fingers on buzzers and thanks for your input !