From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Tue Oct 18 2005 - 19:30:43 GMT-3
Simon,
You understand the option correctly.
One possible option is to concurrently setup the guest vlan. This would
effectively restrict access to internal resources based upon a clients
ability to perform dot1x or not perform dot1x authentication.
Just another option...
-----Original Message-----
From: simon hart [mailto:simon@harttel.com]
Sent: Tuesday, October 18, 2005 2:03 PM
To: Group Study
Subject: 3550 port control Dot1x
Hi all,
I have been reviewing the Dot1x commands. I have looked at Dot1x
port-control |auto | force-authorized | force-unauthorized
Now, my understanding of force-unauthorized is that the port will not
authorize anything as any attached device regardless of Dot1x
authentication will be treated as unauthorized and thus will not be able
to use the port.
Can anyone shed any light on the pracitcality of this? Surely if you do
not wish a port to be used by anyone you would then just shut it down
Simon
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.12.2/137 - Release Date: 16/10/2005
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3