RE: 3550 port in public area

From: Jonathan V Hays (jhays@jtan.com)
Date: Thu Aug 28 2003 - 11:03:37 GMT-3


Sorry that didn't help.

From an exam standpoint I suspect that's not what they (whoever 'they'
is ;) are looking for since 802.1X does require a password. I'm not sure
what the solution is but I would always look for the minimum solution to
fulfill the requirements.

I incline towards port security. However, recent groupstudy threads
argue that port security using the MAC address is not enough, the reason
being that the additional requirement for the IP address makes it a
logical AND: both conditions must be met for the instance to be TRUE.

Jonathan

-----Original Message-----
From: James Stewart [mailto:j_t_s_stewart@hotmail.com]
Sent: Thursday, August 28, 2003 9:50 AM
To: jhays@jtan.com; ccielab@groupstudy.com
Subject: RE: 3550 port in public area

Hi Jonathan

The link is where I got the information for the question/query.
What I would like to know is an appropriate solution, or is it a sledge
hammer to crack a very small nut?
The restriction is for MAC/IP address, not a password. Does 802.1X solve
this?

Many thanks
Jim

>From: "Jonathan V Hays" <jhays@jtan.com>
>To: "'James Stewart'" <j_t_s_stewart@hotmail.com>,<ccielab@groupstudy.com>
>Subject: RE: 3550 port in public area
>Date: Thu, 28 Aug 2003 09:32:02 -0400
>
>Reading this link will probably answer most of your questions.
>
>http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>James Stewart
>Sent: Thursday, August 28, 2003 8:52 AM
>To: ccielab@groupstudy.com
>Subject: 3550 port in public area
>
>
>Hi group
>
>My lab requirement is that a 3550 port f0/10 is in a public area and only
>MAC address 0000.0c98.1234 with an IP address of 192.168.1.50 can get
>access.
>This is a similar question to my '3550 Restrict Access' question.
>
>There it was decided - I think, that port security and a static ARP was
>the solution.
>
>I have just read the config guide for the 3550 and have come across
>'802.1X Port-Based Authentication'.
>It says "The 802.1X standard defines a client-server-based access control
>and authentication protocol that restricts unauthorized clients from
>connecting to a LAN through publicly accessible ports.
>The authentication server authenticates each client connected to a switch
>port before making available any services offered by the switch or the
>LAN."
>Does this require an Authentication Server? Or can an ACL be used - if so
>what type, IP and/or MAC?
>
>Is this method password protected rather than address protected?
>
>Many thanks
>Jim
>



This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:09 GMT-3