Re: O.T. Authentication on device level

From: Balaji Siva (bsivasub@gmail.com)
Date: Mon Feb 21 2005 - 20:26:32 GMT-3

• Next message: Paresh Khatri: "RE: MPLS MP-BGP router behavior"
• Previous message: Lord, Chris: "RE: http authentication aaa"
• Maybe in reply to: Raymond: "O.T. Authentication on device level"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Proxy MAC based 802.1x authentication is your answer (whenever that
comes out). VMPS is not going to supported in IOS based switches
(Client is but not server).

This new feature allows the switch to use the endpoint MAC address,
authenticate to RADIUS via MAC, and receive VLAN info via RADIUS
attributes. The switch could assign a fallback VLAN if the MAC is
unknown, or just leave the port down. So the RADIUS server
effectively replaces the VMPS server.

hth
Balaji

On Mon, 21 Feb 2005 15:25:24 -0500, Brian McGahan
<bmcgahan@internetworkexpert.com> wrote:
> Depending on the platforms you have you could run VLAN Management Policy
> Server (VMPS) to do dynamic VLAN assignments based on the host's MAC
> addresses:
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_2/confg
> _gd/vmps.htm
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
> 24/7 Support: http://forum.internetworkexpert.com
> Live Chat: http://www.internetworkexpert.com/chat/
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > Raymond
> > Sent: Monday, February 21, 2005 9:33 AM
> > To: ccielab@groupstudy.com
> > Subject: O.T. Authentication on device level
> >
> > Dear all,
> >
> > As 802.1x authentication is only applied on user level, such that we
> > cannot
> > ensure the notebooks/PC is authorized to access the network.
> > Using port security would not be scalable, is it any solution out
> there?
> > Please
> > kindly advise.
> >
> > Thanks in advance.
> >
> > Best Regards,
> > mak
> >
> > __________________________________
> > 7Q'Y.I&,(l7s email 3q*>!H
> > $U8| Yahoo! Messenger
> > http://messenger.yahoo.com.hk/
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Paresh Khatri: "RE: MPLS MP-BGP router behavior"
• Previous message: Lord, Chris: "RE: http authentication aaa"
• Maybe in reply to: Raymond: "O.T. Authentication on device level"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:24 GMT-3