🧠 Windows Server + Cisco WS-C2960S Network Integration Guide
This guide explains how to use Windows Server (IP: 10.4.27.5) to manage DHCP and network access for Cisco WS-C2960S-48FPS-L switches. It includes VLAN setup, DHCP relay, and optional 802.1X authentication.
🧭 Overview
| Feature |
Windows Server Role |
Cisco WS-C2960S Role |
| DHCP |
Assigns IPs via scopes |
Hosts VLANs, forwards DHCP |
| VLANs |
Logical separation (scopes) |
Port VLAN assignment |
| Access Control |
NPS for 802.1X authentication |
Enforces port security |
| Monitoring |
Logs DHCP leases, auth events |
Shows MACs, port status |
🧱 VLAN Design
| VLAN ID |
Name |
Purpose |
Subnet |
| 1 |
Infrastructure |
Switches, routers, APs |
10.4.27.0/24 |
| 10 |
Admin |
IT staff devices |
10.4.10.0/24 |
| 20 |
Sales |
Sales department |
10.4.20.0/24 |
| 30 |
Engineering |
Engineering team |
10.4.30.0/24 |
| 40 |
Guest |
Guest Wi-Fi |
10.4.40.0/24 |
| 50 |
VoIP |
Phones and voice gear |
10.4.50.0/24 |
| 60 |
Printers |
Network printers |
10.4.60.0/24 |
🛠️ Step-by-Step Configuration
vlan 1
name Infrastructure
vlan 10
name Admin
vlan 20
name Sales
vlan 30
name Engineering
vlan 40
name Guest
vlan 50
name VoIP
vlan 60
name Printers
2. Assign VLANs to Ports
interface range fa0/1 - 4
switchport mode access
switchport access vlan 10
interface range fa0/5 - 8
switchport mode access
switchport access vlan 20
interface range fa0/9 - 12
switchport mode access
switchport access vlan 30
interface range fa0/13 - 16
switchport mode access
switchport access vlan 40
interface range fa0/17 - 20
switchport mode access
switchport access vlan 50
interface range fa0/21 - 24
switchport mode access
switchport access vlan 60
3. Set Up DHCP on Windows Server
- Install DHCP Server role
- Create scopes for each VLAN:
- Example for VLAN 10:
- Subnet:
10.4.10.0/24
- Gateway:
10.4.10.1
- DNS:
10.4.27.5
- Repeat for VLANs 20–60
interface GigabitEthernet0/1.1
encapsulation dot1Q 1
ip address 10.4.27.1 255.255.255.0
ip helper-address 10.4.27.5
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.4.10.1 255.255.255.0
ip helper-address 10.4.27.5
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 10.4.20.1 255.255.255.0
ip helper-address 10.4.27.5
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.4.30.1 255.255.255.0
ip helper-address 10.4.27.5
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 10.4.40.1 255.255.255.0
ip helper-address 10.4.27.5
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 10.4.50.1 255.255.255.0
ip helper-address 10.4.27.5
interface GigabitEthernet0/1.60
encapsulation dot1Q 60
ip address 10.4.60.1 255.255.255.0
ip helper-address 10.4.27.5
🔐 Optional: 802.1X Authentication with Windows NPS
On Windows Server
- Install Network Policy Server
- Add switches as RADIUS clients
- Create connection policies for device authentication
On Cisco Switch
aaa new-model
radius-server host 10.4.27.5 key YourSecret
aaa authentication dot1x default group radius
dot1x system-auth-control
interface fa0/1
switchport mode access
authentication port-control auto
dot1x pae authenticator
✅ Summary
- VLAN 1 is reserved for infrastructure (switches, routers, APs)
- Windows Server at
10.4.27.5 handles DHCP and authentication
- A router or Layer 3 switch routes between VLANs and relays DHCP
- Optional: Use NPS + 802.1X for secure access control