Hello,
We are looking at ways to ease management of VLANs, and secure on the basis of MAC address (yes, I know, easily spoofed).
After much googling, it seems that:
- 802.1x has the potential to do what we want, but always needs a supplicant (agent) on the connecting device. As too many devices we use (among others, thin clients) do not have this capability, this is out for now[1]. Am I correct that for MAC-based 802.1x VLAN assignment, one always needs an agent on the device?
- The other option would be VMPS. Open Source software can get the MAC/VLAN assignment from a database[2], but can Cisco software do similar? Do they even have a dedicated VMPS server, or is one stuck with downloading a file to the master switches?
I hope I'm wrong, too many sites say that VMPS is deprecated in favor of 802.1x. But requiring an agent on the end device is quite a big step. Why is there no middle ground between these two?
TIA, M4
[1] We'll be switching to 802.1x capable thin clients soon, so it may not be out completely.
[2] Think CMDB. Not in CMDB => No access. In CMDB => department and requesting switch dictate VLAN.