Configuration Examples
Guest VLAN
Technical Support Department
D-Link Corp.
June 2006
What is 802.1x Guest VLAN
1. Guest VLAN members can communicate with each other even if they have not passed 802.1x authentication.
2. A Guest VLAN member can move to the target VLAN, based on the RADIUS VLAN attribute, after passing 802.1x authentication.
(Guest VLAN supports only port-based 802.1x, not MAC-based 802.1x.)
[Diagram: switch ports 1-6 with a Guest VLAN; Client 1, Client 2, Client 3, FTP Server and RADIUS Server. Stages shown: 1. 802.1x; 2. 802.1x + guest VLAN; 3. After authentication (client is assigned to the designated VLAN).]
Why 802.1x Guest VLAN
The 802.1x Guest VLAN can provide limited services to clients before they pass 802.1x authentication. For example, it can be used to download the necessary 802.1x client software by users who have not installed it yet.
In the diagram, before a client is 802.1x authenticated, client PCs can still reach the public Web/FTP server in the Guest VLAN to obtain the necessary information.
After the client is 802.1x authenticated, the port the client is connected to is assigned a new VLAN membership and the client can access the network services in the target VLAN.
[Diagram: Client PC1, Client PC2 and Client PC3 on 802.1x enabled ports; port labels Port 1, Port 8, Port 12 and Port 21. Regions: "Guest VLAN, before authentication" and "VLAN 10, after authentication" (authenticated ports are assigned to VLAN v10). Devices: RADIUS Server, Web/FTP Server 1, Web/FTP Server 2. Callouts: "at Guest VLAN", "at VLAN v10", "Client needs to be 802.1x authenticated to access this server."]
802.1x Guest VLAN Example
1. Two VLANs: v10 and v123
   v10 static members: ports 1-24
   v20 static members: ports 25-28
2. Guest VLAN VID = 10
3. Ports 1-12 are Guest VLAN enabled ports
4. Add an interface on both VLANs
[Diagram: switch interfaces V10: 11.10.10.1/8 and V20: 10.10.10.1/8. Labels: Client PC1 11.10.10.11/8; Client PC2 11.10.10.12/8; "Guest VLAN enabled ports at Guest VLAN v10"; RADIUS Server, Web/FTP Server 1, Web/FTP Server 2; addresses 10.10.10.100/8, 10.10.10.101/8, 10.10.10.200/8; "at VLAN v20"; Port 1, Port 4, Port 19, Port 25, Port 26. Callout: "Client needs to be 802.1x authenticated to access this server."]
802.1x Guest VLAN setup example
1. DES3828 configuration
## Create VLANs v10 & v20 ##
config vlan default delete 1-28
create vlan v20 tag 20
config vlan v20 add untagged 25-28
config ipif System ipaddress 10.10.10.1/8 vlan v20
create vlan v10 tag 10
config vlan v10 add untagged 1-24
config ipif p10 ipaddress 11.10.10.1/8 vlan v10
## enable 802.1x & guest vlan ##
enable 802.1x
config 802.1x guest_vlan v10
config 802.1x guest_vlan ports 1-12 state enable
## set ports 1 to 12 to be authenticator ##
config 802.1x capability ports 1-12 authenticator
## set RADIUS server (key is the shared secret that must match the RADIUS server's entry for this switch) ##
config radius add 1 10.10.10.101 key 123456 default
2. Client PCs configuration:
Run the D-Link 802.1x client software.
3. RADIUS Server configuration:
Create a username and password. Configure the following RADIUS attributes for the user:
Tunnel-Medium-Type (65) = 802
Tunnel-Pvt-Group-ID (81) = 20 (the VID)
Tunnel-Type (64) = VLAN
About Windows 2003 RADIUS Server setting
Configure the following RADIUS attributes for the user:
Tunnel-Medium-Type (65) = 802
Tunnel-Pvt-Group-ID (81) = 20 (VID)
Tunnel-Type (64) = VLAN
802.1x Guest VLAN setup example
Before DES-3828 port 1 passes 802.1x authentication
At this stage, DES3828 ports 1-24 can communicate with each other, including the Web/FTP server at port 19 in the Guest VLAN, but cannot access the FTP/Web server at port 26 in vlan20.
Command: show vlan
VID : 1 VLAN Name : default
VLAN TYPE : static Advertisement : Enabled
Member ports :
Static ports :
Current Untagged ports :
Static Untagged ports :
Forbidden ports :
VID : 10 VLAN Name : v10
VLAN TYPE : static Advertisement : Disabled
Member ports : 1-24
Static ports : 1-24
Current Untagged ports : 1-24
Static Untagged ports : 1-24
Forbidden ports :
VID : 20 VLAN Name : v20
VLAN TYPE : static Advertisement : Disabled
Member ports : 25-28
Static ports : 25-28
Current Untagged ports : 25-28
Static Untagged ports : 25-28
Forbidden ports :
Command: show 802.1x auth_state
Port   Auth PAE State   Backend State   Port Status
------ --------------   -------------   ------------
1      Connecting       Idle            Unauthorized
2      Disconnected     Idle            Unauthorized
3      Disconnected     Idle            Unauthorized
4      Connecting       Idle            Unauthorized
5      Disconnected     Idle            Unauthorized
6      Disconnected     Idle            Unauthorized
7      Disconnected     Idle            Unauthorized
8      Disconnected     Idle            Unauthorized
9      Disconnected     Idle            Unauthorized
10     Disconnected     Idle            Unauthorized
11     Disconnected     Idle            Unauthorized
12     Disconnected     Idle            Unauthorized
13     ForceAuth        Success         Authorized
14     ForceAuth        Success         Authorized
15     ForceAuth        Success         Authorized
16     ForceAuth        Success         Authorized
17     ForceAuth        Success         Authorized
18     ForceAuth        Success         Authorized
19     ForceAuth        Success         Authorized
20     ForceAuth        Success         Authorized
802.1x Guest VLAN setup example
After DES-3828 port 1 passes 802.1x authentication
Command: show vlan
VID : 1 VLAN Name : default
VLAN TYPE : static Advertisement : Enabled
Member ports :
Static ports :
Current Untagged ports :
Static Untagged ports :
Forbidden ports :
VID : 10 VLAN Name : v10
VLAN TYPE : static Advertisement : Disabled
Member ports : 2-24
Static ports : 2-24
Current Untagged ports : 2-24
Static Untagged ports : 2-24
Forbidden ports :
VID : 20 VLAN Name : v20
VLAN TYPE : static Advertisement : Disabled
Member ports : 1, 25-28
Static ports : 1, 25-28
Current Untagged ports : 1, 25-28
Static Untagged ports : 1, 25-28
Forbidden ports :
The PC on port 1 can access FTP/Web Server 2 in vlan 20 because port 1 has become a member of vlan20.
Command: show 802.1x auth_state
Port   Auth PAE State   Backend State   Port Status
------ --------------   -------------   ------------
1      Authenticated    Idle            Authorized
2      Disconnected     Idle            Unauthorized
3      Disconnected     Idle            Unauthorized
4      Connecting       Idle            Unauthorized
5      Disconnected     Idle            Unauthorized
6      Disconnected     Idle            Unauthorized
7      Disconnected     Idle            Unauthorized
8      Disconnected     Idle            Unauthorized
9      Disconnected     Idle            Unauthorized
10     Disconnected     Idle            Unauthorized
11     Disconnected     Idle            Unauthorized
12     Disconnected     Idle            Unauthorized
13     ForceAuth        Success         Authorized
14     ForceAuth        Success         Authorized
15     ForceAuth        Success         Authorized
16     ForceAuth        Success         Authorized
17     ForceAuth        Success         Authorized
18     ForceAuth        Success         Authorized
19     ForceAuth        Success         Authorized
20     ForceAuth        Success         Authorized
Port 1 passed authentication, so it is assigned to v123 because RADIUS has the vid=123 attribute.
802.1x Guest VLAN Test Result
Test Result:
1. Before PC1 passes 802.1x authentication, PC1 can still ping/access PC2 and FTP/Web Server 1 in the Guest VLAN.
2. After PC1 is 802.1x authenticated, PC1 can access FTP/Web Server 2 because PC1 has been moved to vlan 20 from the guest VLAN (VID 10). (PC1 can no longer access PC2 and FTP/Web Server 1.)
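Added example (not part of the D-Link slides): a Python check that parses saved `show vlan` and `show 802.1x auth_state` output and flags ports whose VLAN membership does not match their 802.1x state, which is the before/after condition the test result describes. The sample text is constructed in the format shown above; the function names and finding codes are assumptions for illustration.

```python
import re

# Constructed sample modelled on the "after authentication" output on this page.
# Exact whitespace in real firmware output may differ (assumption).
SHOW_VLAN = """\
VID : 1 VLAN Name : default
Member ports :
VID : 10 VLAN Name : v10
Member ports : 2-24
VID : 20 VLAN Name : v20
Member ports : 1, 25-28
"""

SHOW_AUTH = """\
Port Auth PAE State Backend State Port Status
------ -------------- ------------- ------------
1 Authenticated Idle Authorized
2 Disconnected Idle Unauthorized
4 Connecting Idle Unauthorized
13 ForceAuth Success Authorized
19 ForceAuth Success Authorized
"""


def parse_ports(spec):
    """Expand a port list such as '1, 25-28' into a set of ints."""
    ports = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue  # empty membership, e.g. the default VLAN above
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def parse_show_vlan(text):
    """Return {vid: set_of_member_ports} from 'show vlan' text."""
    vlans, vid = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*VID\s*:\s*(\d+)", line)
        if m:
            vid = int(m.group(1))
            vlans[vid] = set()
            continue
        m = re.match(r"\s*Member ports\s*:\s*(.*)$", line)
        if m and vid is not None:
            vlans[vid] = parse_ports(m.group(1))
    return vlans


def parse_show_auth(text):
    """Return {port: (pae_state, port_status)} from 'show 802.1x auth_state'."""
    state = {}
    for line in text.splitlines():
        tok = line.split()
        # Data rows have four columns and start with the port number.
        if len(tok) == 4 and tok[0].isdigit():
            state[int(tok[0])] = (tok[1], tok[3])
    return state


def audit(vlans, auth, guest_vid, guest_ports):
    """Compare VLAN membership with 802.1x state; return [(port, code)]."""
    findings = []
    for port in sorted(auth):
        pae, status = auth[port]
        member_of = sorted(v for v, ports in vlans.items() if port in ports)
        if port in guest_ports:
            if status == "Unauthorized" and member_of != [guest_vid]:
                # An unauthenticated port must sit only in the guest VLAN.
                findings.append((port, "UNAUTH_OUTSIDE_GUEST"))
            elif status == "Authorized" and guest_vid in member_of:
                # Assumption: after authentication the RADIUS VLAN attribute
                # should have moved the port out of the guest VLAN.
                findings.append((port, "AUTH_STILL_GUEST"))
        elif pae == "ForceAuth":
            # Port is authorized without any 802.1x exchange.
            findings.append((port, "FORCEAUTH"))
    return findings


if __name__ == "__main__":
    result = audit(parse_show_vlan(SHOW_VLAN), parse_show_auth(SHOW_AUTH),
                   guest_vid=10, guest_ports=set(range(1, 13)))
    for port, code in result:
        print(f"port {port}: {code}")
```

On the sample, only the ForceAuth ports are reported: ports 13-24 sit in v10 with no authentication enforced, which is how the slides' configuration leaves them.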
