Case Study 4 - Hot Desking | 81 |
Case Study 4 - Hot Combining Auto VLAN with IEEE 802.1X enables users to login anywhere
Deskingon the network, and always have access to their network (for example, the Engineering VLAN, or Marketing VLAN). This makes
Network The following provides an overview of the tasks for a network Administrator Tasks administrator responsible for the domain on the network.
1Ensure edge port security is set to IEEE 802.1X and Auto VLAN is enabled, on edge ports in the domain.
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
2Decide how you want to apply the Default Rule. You can use the Default Rule to either:
deny access to unspecified users, or
allow access to users who are not hot desking and who do not require VLAN and QoS assignments.
3Select the Default Rule and set the Network Access to either Deny or Allow, according to your decision in step 2
4Create VLANs and QoS profiles. Use the same VLAN IDs and QoS profile IDs as set up in the network access device (switch or wireless access point), otherwise the network access device may not accept the RADIUS response.
5Create rules to support the assignment of a VLAN and QoS profile to those users and groups permitted to log in. For example, in a school the following rules could be created: Staff, Student, SysAdmin.
aSet security permissions for each rule. Grant READ and WRITE access to the users/groups permitted to apply the rule, grant READ access to all Network Administrators in the domain to ensure they can see that the rule exists even if they are not permitted to apply the rule.
bSet the Actions for each rule: select the rule priority,
set Network Access for the rule, to Allow to permit access to the network,
