DHCP in Cisco Switch and User Authentication

Discussion in 'Cisco' started by kamal1352, Jan 4, 2009.

  1. kamal1352

    kamal1352

    Joined:
    Apr 5, 2008
    Messages:
    8
    Hi All
    I have 4 3750 switches and 8 2960 switches now, and I configured the 3750 core for 6 VLANs and 3 DHCP pools for 3 VLAN IP ranges:
    Vlan2 : Users1 IP 172.16.201.1-250
    Vlan3 : Users2 IP 172.16.202.1-250
    Vlan4 : Users3 IP 172.16.203.1-250
    and on all the 2960s I set ports as members of a VLAN,
    such as sw2960-1 port g0/2 switch access vlan 2 and ...
    and I have a Domain Controller with Windows 2003 Server and all clients log on to it.
    Now I want the user to log in first, and after that an IP is assigned to the user from DHCP and the port is set to access a specific VLAN. For example:
    if U1 logs in from client 1 or another client, an IP is assigned to him from the vlan2 DHCP
    if U2 logs in from client 1, an IP is assigned to him from the vlan3 DHCP
    Can I do it, and if I can, how do I do it?
     
    kamal1352, Jan 4, 2009
    #1

  2. kamal1352

    slaquer

    Joined:
    Jan 3, 2009
    Messages:
    9
    I apologize if I am missing your point here.

    If all you want to do is assign the correct VLAN DHCP address to users:

    1) Create your scopes in DHCP for each VLAN

    2) Create the VLANs on your core (VTP domain, VLAN setup etc)

    3) For each VLAN on the core, make the IP the gateway for the VLAN and put an ip-helper address command pointing to your DHCP server in the VLAN interface config.

    4) Make sure the switchport is in the correct VLAN for each client.

    5) Make sure core can route to your DHCP server. If the DHCP server is on one of the VLAN subnets, this will be default behavior.

    That's it.

    Now, if you are wanting users to have to authenticate prior to getting a DHCP address, you are looking at a NAC or NAP or something similar.
     
    slaquer, Jan 4, 2009
    #2

  3. kamal1352

    kamal1352

    Joined:
    Apr 5, 2008
    Messages:
    8
    Thank you for your answer, but
    I set up my LAN so that first the client gets access to the VLAN, then an IP is assigned to him, and after that he logs in to the domain, with this configuration, for example for VLAN 2:
    Cisco 3750 Core:

    ip dhcp pool Users1
     network 172.16.201.1 255.255.255.0
     default-router 172.16.201.1
     dns-server 172.16.200.6
     lease 365
    interface Vlan2
     ip address 172.16.201.1 255.255.255.0

    and set VTP Domain
    In 2960 Switch for example set for G0/12

    interface GigabitEthernet0/12
     description U1 client
     switchport access vlan 2
     switchport mode access
     switchport port-security mac-address 0010.b597.8bf4
     spanning-tree portfast

    Now the client U1, after connecting to this port, gets an IP from DHCP pool User2,
    and after that the user can connect to the domain with username and password.
    But I want to reverse the method:
    first the user logs in to the domain, and after that the port is assigned to a VLAN and an IP is assigned.
    For example, now if User1 or User2 logs in from computer U1, an IP is assigned from pool Users1 and there is no difference between them, but I want that if User1 logs in from computer U1 he is assigned an IP from pool Users1, and if User2 logs in from the same computer (U1) he is assigned another IP from another pool (for example from pool Users2).
    Can I do it, and what is the solution for this plan?
    Thanks
    Kamal
     
    kamal1352, Jan 4, 2009
    #3
  4. kamal1352

    donjohnston

    Joined:
    Jun 28, 2008
    Messages:
    38
    The only way to do what (I think) you're trying to do is with 802.1x.
     
    donjohnston, Jan 4, 2009
    #4
  5. kamal1352

    slaquer

    Joined:
    Jan 3, 2009
    Messages:
    9
    Agreed - use NAC or something similar.
     
    slaquer, Jan 5, 2009
    #5
  6. kamal1352

    kamal1352

    Joined:
    Apr 5, 2008
    Messages:
    8
    Thank you donjohnston and slaquer for your answer
    I will try to configure my wired network for 802.1x
    Best Regards
    Kamal
     
    kamal1352, Jan 5, 2009
    #6
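
An added example, not part of any post in this thread: a minimal sketch of the 802.1X per-user VLAN assignment that replies #4 and #5 point to, applied to the 2960 access port from post #3. The RADIUS server address and shared secret are placeholders, the VLAN IDs and port come from the thread, and exact command names vary by IOS release.

```cisco
! Added example; not from the thread.
! Placeholders: 192.0.2.10 (RADIUS server), <SHARED-SECRET>.
! Syntax is for IOS 12.2(50)SE and later; older releases use
! "dot1x port-control auto" instead of "authentication port-control auto".
!
aaa new-model
aaa authentication dot1x default group radius
! Needed so the switch applies the VLAN returned by RADIUS
aaa authorization network default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
!
interface GigabitEthernet0/12
 description U1 client
 switchport mode access
 ! Used only when RADIUS returns no VLAN for the authenticated user
 switchport access vlan 2
 authentication port-control auto
 dot1x pae authenticator
 spanning-tree portfast
!
! RADIUS reply attributes, set per user or group on the RADIUS server
! (not on the switch), that select the VLAN after a successful login:
!   User1: Tunnel-Type = VLAN (13)
!          Tunnel-Medium-Type = 802 (6)
!          Tunnel-Private-Group-ID = 2
!   User2: Tunnel-Type = VLAN (13)
!          Tunnel-Medium-Type = 802 (6)
!          Tunnel-Private-Group-ID = 3
! VLANs 2 and 3 must exist on the access switch and be carried on the
! uplink to the 3750 core, where the DHCP pools for them are defined.
!
! Verify the session and the assigned VLAN:
!   show authentication sessions interface GigabitEthernet0/12
```

When a different user authenticates and the port moves to another VLAN, the client has to renew its DHCP lease to get an address from the new pool. `aaa new-model` also changes how vty logins are authenticated, so confirm a working login method exists before applying it remotely.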