RE: 3550 port in public area

From: Micah Byers (mbyers@hypervine.net)
Date: Fri Aug 29 2003 - 09:47:41 GMT-3

• Next message: SHARMA,MOHIT (HP-Germany,ex1): "RE: Broadcast storm- Please HELP"
• Previous message: Mike Williams: "RE: Native VLAN mismatch"
• Maybe in reply to: James Stewart: "3550 port in public area"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

James,
 
     The solution of dot1x is used when you want to setup username/password type authentication to access the network. If you wanted to restrict access to a specific MAC address and a specific IP address then Port Security with a static MAC address as well as an ACL for the IP restriction is what you would want to do. Remember that you want to look at what is connected to that port and what MAC address it has before you setup port security. The reason for this is that if you setup port security for a static MAC address that doesn't exist on that port and it is connected to one of your routers then that router will lose it's connection unless you first change that router's MAC address and clear port-security and the mac-address-table. Only add 802.1x if it is a requirement that is being asked for in the lab.
 
Micah J Byers- CCIE #12079

        -----Original Message-----
        From: James Stewart [mailto:j_t_s_stewart@HOTMAIL.COM]
        Sent: Thu 8/28/2003 7:51 AM
        To: ccielab@groupstudy.com
        Cc:
        Subject: 3550 port in public area
        
        

        Hi group
        
        My lab requirement is that a 3550 port f0/10 is in a public area and only
        MAC address 0000.0c98.1234 with an IP address of 192.168.1.50 can get
        access.
        This is a similar question as to my '3550 Restrict Access' question.
        
        There is was decided - I think, that port secruity and a static ARP was the
        solution.
        
        I have just read the config quide for the 3550 and have come across '802.1X
        Port-Based Authentication'.
        It says "The 802.1X standard defines a client-server-based access control
        and authentication protocol that restricts unauthorized clients from
        connecting to a LAN through publicly accessible ports.
        The authentication server authenticates each client connected to a switch
        port before making available any services offered by the switch or the LAN."
        Does this requires an Authentication Server? Or can an ACL be used - if so
        what type IP and/or MAC?
        
        Is this method password protected rather than address protected?
        
        Many thanks
        Jim
        
        _________________________________________________________________
        Express yourself with cool emoticons - download MSN Messenger today!
        http://www.msn.co.uk/messenger
        
        
        _______________________________________________________________________
        You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
        
        Subscription information may be found at:
        http://www.groupstudy.com/list/CCIELab.html

• Next message: SHARMA,MOHIT (HP-Germany,ex1): "RE: Broadcast storm- Please HELP"
• Previous message: Mike Williams: "RE: Native VLAN mismatch"
• Maybe in reply to: James Stewart: "3550 port in public area"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:10 GMT-3