4
ports 1 through 8 are always assigned to a specific VLAN – but as before, security can be
circumvented simply by attaching a computer to the desired port.
For Port-Based VLANS, what we really need are three separate solutions: (1) A way to authenticate
users, (2) A way to grant authenticated users access to the network, and (3) A way to assign
authenticated users to specific VLANs with network access restrictions, bandwidth constraints, and
other controls. A Port-Based VLAN solution with dynamic authentication is shown in Figure 4 –
Dynamic VLANs.
Figure 4 - Dynamic VLANs
Here, users are dynamically authenticated and assigned to specific VLANs regardless of what switch
port they use. A user that cannot be authenticated is assigned a VLAN where they can do no
damage. This behavior is fine for users, but what about printers and MFPs? Well, the nice part
about 802.1X is that wired HP Jetdirect print servers support it. All we need to do is create users in
Active Directory that correspond to Jetdirect-based printers and printer management servers, and we
can do what is shown in Figure 5 – Printing and Imaging VLANs.
To Next Page
Loading...
