From: kcobean@earthlink.net
Date: Thu Oct 09 2003 - 00:39:18 GMT-3
Wing,
Yes, you can use ACS as the authenticator for 802.1x. As an additional option since you are talking about MAC ACL's on switch ports, you might investigate VMPS. This would allow you to define what VLAN a port goes into based on the MAC address of the connecting device. If the device isn't registered in the VMPS database, you can drop it into a "fallback VLAN" that routes to null 0. I think this method is pretty maintenance intensive on larger networks, but is a flexible and secure option overall. Keep in mind that there are known problems between the Windows XP 802.1x client and the cisco 802.1x service on their switches. The installable Win2K client seemed to work great, though.
Hope this helps,
Kelly Cobean
-----Original Message-----
From: wing_lam@jossynergy.com
Sent: Oct 8, 2003 11:22 PM
To: ccielab@groupstudy.com
Subject: 802.1X authorization
Hi,
Just want to ask whether we can perform authorization by 802.1X with ACS?
What I want to do is to dispatch VLAN maps or MAC access lists to certain
switch port once a PC is connected. Any other method can achieve the same
goal?
Thx,
BBD
DISCLAIMER:- This email is confidential and intended only for the use of
the individual or entity named above and may contain information that is
privileged. If you are not the intended recipient, you are notified that
any dissemination, distribution or copying of this email is strictly
prohibited. If you have received this email in error, please notify us
immediately by return email or telephone and destroy the original message.
Thank you.
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:59 GMT-3