Dynamic VLAN

[iParanormalx]

Wondering if any of you networking guys have worked Dynamic VLAN assignment through 802.1X and a radius server. I'm wondering how VLAN configuration is streamlined in large networks and this seems like the best bet. Typically you think VLANs happen as a configuration on a physical switch port but its not genuinely a virtual network if that configuration is statically assigned to a physical interface. With Dynamic VLAN the authentication server determines the type of hardware device or user that is connecting to the switch port and configures that interface for the appropriate VLAN.

Has anyone here employed this in a production environment?

 

[iFargle]

I set this up a few years ago where I work using PacketFence.

It's been magical. We have probably two dozen VLAN's here and machines flow between them quite often (each test stand has a few VLAN's, including our "Mission/Test (as in engine tests, not as in a 'you're free to break things' network)" network and an Access network. Machines roll around our hangar floors all the time, and having to reconfigure VLAN's was a paint. This was one of my first projects here

We do full MAC's instead of just the OUI for better security. There's a limited number of machines allowed on our mission network.