From: Darren Ward (dward@pla.net.au)
Date: Thu Oct 09 2003 - 00:49:05 GMT-3
Cisco has released or is soon to release new 802.1x software (as part of
switch software) that will support dynamic VLAN and setting of the port
interface description via 802.1x; this means you can set custom vendor
attributes in ACS to send back the appropriate vectors.
We met with Cisco to look into using 802.1x and they put this up as being on
their roadmap for imminent implementation, and that was a few months
ago...
Darren
On Wed, 8 Oct 2003 kcobean@earthlink.net wrote:
> Wing,
> Yes, you can use ACS as the authenticator for 802.1x. As an additional option, since you are talking about MAC ACLs on switch ports, you might investigate VMPS. This would allow you to define what VLAN a port goes into based on the MAC address of the connecting device. If the device isn't registered in the VMPS database, you can drop it into a "fallback VLAN" that routes to null 0. I think this method is pretty maintenance intensive on larger networks, but is a flexible and secure option overall. Keep in mind that there are known problems between the Windows XP 802.1x client and the Cisco 802.1x service on their switches. The installable Win2K client seemed to work great, though.
>
> Hope this helps,
> Kelly Cobean
>
> -----Original Message-----
> From: wing_lam@jossynergy.com
> Sent: Oct 8, 2003 11:22 PM
> To: ccielab@groupstudy.com
> Subject: 802.1X authorization
>
> Hi,
>
> Just want to ask whether we can perform authorization by 802.1X with ACS?
> What I want to do is to dispatch VLAN maps or MAC access lists to a certain
> switch port once a PC is connected. Can any other method achieve the same
> goal?
>
> Thx,
> BBD
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:59 GMT-3