Case Study 4 - Hot Desking 81
Case Study 4 - Hot
Combining Auto VLAN with IEEE 802.1X enables users to login anywhere
on the network, and always have access to their network (for example,
the Engineering VLAN, or Marketing VLAN). This makes hot-desking
viable, as users can change desks and still gain access to their network.
Administrator Tasks
The following provides an overview of the tasks for a network
administrator responsible for the domain on the network.
1 Ensure edge port security is set to IEEE 802.1X and Auto VLAN is enabled,
on edge ports in the domain.
Edge ports are called ‘access ports’ on the Switch 5500.
Using 3Com Network Access Manager:
2 Decide how you want to apply the Default Rule. You can use the Default
Rule to either:
deny access to unspecified users, or
allow access to users who are not hot desking and who do not require
VLAN and QoS assignments.
3 Select the Default Rule and set the Network Access to either Deny or
Allow, according to your decision in step 2
4 Create VLANs and QoS profiles. Use the same VLAN IDs and QoS profile
IDs as set up in the network access device (switch or wireless access
point), otherwise the network access device may not accept the RADIUS
5 Create rules to support the assignment of a VLAN and QoS profile to
those users and groups permitted to log in. For example, in a school the
following rules could be created: Staff, Student, SysAdmin.
a Set security permissions for each rule. Grant READ and WRITE access
to the users/groups permitted to apply the rule, grant READ access to
all Network Administrators in the domain to ensure they can see that
the rule exists even if they are not permitted to apply the rule.
b Set the Actions for each rule:
select the rule priority,
set Network Access for the rule, to Allow to permit access to the