4 Replies Latest reply on May 26, 2016 9:27 AM by diggly

    Can I assign a VLAN based on a MAC Address?

    diggly New Member

      In addition to company issued laptops, we have on our network many devices issued to us by our clients, used primarily to VPN back into the issuing company's network.

      I want to segregate the traffic for these client devices, primarily for security reasons but also to exclude them from our inventory system --- these client devices are usually locked down tight and can't be scanned.

      I am using Adtran 1638p switches, and have created VLAN 2 for our company owned devices and VLAN 3 for client devices.  Here is a typical port configuration:

       

      interface gigabit-switchport 0/1
        no shutdown
        switchport mode trunk
        switchport trunk native vlan 2
        switchport trunk allowed vlan 2,3

      Let's assume vlan 2 is 10.0.2.0/24 and vlan 3 is 10.0.3.0/24

      I want my users to be able to plug in a laptop and end up on the correct VLAN based on whether it is a company or client laptop.  All I have to work with is the MAC address.  Is there any way to assign the VLAN based on the MAC address so that a company-owned device gets a 10.0.2.x address and the client-owned laptop gets a 10.0.3.x address.

       

      I have thoroughly researched ways to make this happen at the DHCP server, and I think it just can't be done at that level because the DHCP server sees the Relay Agent address as the native VLAN address and assigns IPs accordingly.

      Thanks for any help!