Re: Fw: 3550 - guest vlan's

From: John Wong (johnwk@unimelb.edu.au)
Date: Wed Dec 22 2004 - 03:11:51 GMT-3


Tim,

From what I understand, the Guest VLAN should be restricted by some other
means (i.e. Firewalls, ACLs, etc.) such that the "guests" are restricted
in what resources/services they can access. e.g. guests are redirected to
a webserver which contains information or files required to enable 802.1x
if they need Internet access, etc. Only authenticated users should be
given full/more access to resources.

Cheers!

ccie2be wrote:
> Hi guys,
>
> When you configure a vlan to be a guest vlan for hosts that aren't 802.1x compliant, are there, by default, any restrictions on what traffic the port will pass?
>
> From what I can tell from the documentation, a guest vlan is like any other vlan except non 802.1x compliant hosts don't have to authenticate. But, what makes no sense to me is, if a non 802.1x host is connected to a port, why make that port require dot1x authentication in the first place?
>
> To me, it seems like first you're requiring 802.1x authentication for a port and then with the guest vlan you're not requiring 802.1x for that same port.
>
> Maybe I'm the dumb one here, but this seems pretty stupid. So, I'm hoping someone can explain why this isn't actually as stupid as it seems.
>
> Also, if anyone knows of any white papers or case studies that explain or provide examples of how to make practical use of this feature, could you provide a link?
>
> Thanks a lot, Tim
>


