VLANs & Mobile devices roaming

syedjahanzaib Lv1 Posted 2022-Dec-12 11:40

Last edited by syedjahanzaib 12 Dec 2022 12:48.

In our company we have Active Directory/DHCP running on a single default VLAN1 with a /8 DHCP pool (yes, /8 is bad & we are trying to get rid of /8 by introducing VLANs & a different IP subnet scheme for each Dept.). Laptop/desktop users get IPs from the 10.0.0.1-10.0.10.255 pool, which is set for SSO AD authentication in IAM. For mobile phone devices we manually reserve their IPs from the 10.0.11.1-10.0.11.255 pool, & in Sangfor we added this 2nd pool in the auth policy for local accounts (user MAC address local account in IAM). So in order to allow internet for mobile phone devices, we only reserve the mobile's MAC address in DHCP to get an IP from the 10.10.11.x series with the gateway pointing to the IAM device, & his internet works automatically. We also have Wi-Fi (UBNT APs) across the company with a single SSID so that users' internet should work transparently at any location.



We are in the process of introducing VLANs/subnets for each Dept. Desktops/laptops get whatever IP and their internet works fine via SSO AD auth, BUT how will mobile devices work if they roam around & get a different IP series from the roamed VLAN?

Example: if set to do SSO auth on 10.0.0.1-10.0.0.100, & 10.0.0.101-10.0.0.200 for local MAC auth (VLAN-10 DHCP range), we just reserve the user's mobile MAC address to use the latter range (local MAC account) & the user's mobile internet works fine, BUT if the user's mobile roams to the VLAN-11 Dept., where he doesn't have the MAC reservation in DHCP for the VLAN-11 pool, his internet will not work because he will by default get an IP from the VLAN-11 pool, for which auth will work via SSO, & mobile internet will not work automatically.

So if I have 50 VLANs, do I have to reserve the mobile IP in all 50 VLANs' latter range for MAC auth? Not possible. What is the workaround?

Farina Ahmed has solved this question and earned 10 coins.


Binding the MAC addresses of each mobile is the only best solution. Otherwise you will always have this problem in the future of associating certain IPs to certain devices.
Faisal P Posted 2022-Dec-20 21:22
  
Each VLAN will be on a different subnet. Using DHCP classless routes, the L3 switch will be their gateway for inter-VLAN routing to communicate with other users and servers, and for internet they will have a default gateway pointing to the internet router, which will have their corresponding VLAN sub-interface to provide internet connectivity. Yes, these mobile devices should access all resources in other VLANs, like file servers etc.
arjay Lv3 Posted 2022-Dec-20 16:41
  
Used MAC binding for a fixed IP
Adonis001 Lv3 Posted 2022-Dec-19 21:26
  
It must be binding the MAC to IP Add
jetjetd Lv5 Posted 2022-Dec-19 16:21
  
For me this is my solution: create an SSID per department for each VLAN you plan to create. Create a second SSID; this SSID is for users that came from other departments. You can create any restrictions here or other resources that they will only access since they are from other departments.
ZoroZoro Lv3 Posted 2022-Dec-19 14:37
  
Binding the MAC/IP address is the solution to your issues
Nami Lv2 Posted 2022-Dec-19 14:31
  
Only the binding of MAC to IP is the option
Franky Lv3 Posted 2022-Dec-19 14:23
  
Bind the IP to the MAC
noime Lv3 Posted 2022-Dec-19 14:07
  
Only binding is the solution to this
Pat Lv4 Posted 2022-Dec-19 13:53
  
I agree. Bind your MAC address to a fixed IP
