Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: network design

network design 7 years 11 months ago #28583

  • ammadeyy
  • ammadeyy's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Core Switch : Catalyst 3750
20 vlans created.

Core switch act as VTP domain
all other switches are as vtp client, connected as trunk

vlan traffic is routed through access-list

Floor 10 Core Switch Catalyst 3750
Floor 9 Catalyst 2900
Floor 8 Catalyst 2900
Floor 7 Catalyst 2900
Floor 6 Catalyst 2900
Floor 5 Catalyst 2900
Floor 4 Catalyst 2900
Floor 3 Catalyst 2900
Floor 2 Catalyst 2900
Floor 1 Catalyst 2900

My requirments are

1. User 1 in vlan 10, if he connect his laptop anywhere in the building he should be at vlan 10
2. User 1 found administrator password and change his ip to vlan 20 ip, he should NOT be able to access vlan 20, or the switch should block his MAC

whats the easiest way to do this, using the above switches
The administrator has disabled public write access.

Re: network design 7 years 11 months ago #28601

  • valkyrnash
  • valkyrnash's Avatar
  • Offline
  • New Member
  • Posts: 11
  • Karma: 0
Let's take first things first. Your 1st requirement:
"User 1 in vlan 10, if he connect his laptop anywhere in the building he should be at vlan 10"
To do this, it is my understanding that you would need a VLAN Membership Policy Server (VMPS), which can be run on a Catalyst 4500 or 6500. As you don't have any VMPS capable switches, it looks like you wont be able to meet this requirement... or you could setup up a 3rd party on FreeNAC.

If you do setup a VMPS, and he changes his IP, he wont be able to communicate with any devices, as either his IP will be out of the range of his Default Gateway, or his self-assigned gateway will mismatch that which the switch is giving him via the VMPS/VTP/VLAN (ie, the switch will still assign him vlan 10).

If there is another way, I'd be interested...
The administrator has disabled public write access.
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup