Re: 802.1x Interpretation

From: Michy Eika (cciemaster@shingor.net)
Date: Mon Jan 08 2007 - 05:47:49 ART


Hi!

According to the following link, in 802.1x RADIUS is the only supported
authentication server.
Is the local database available to perform authentication?

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/sw8021x.htm#wp1029355

By the way, with regard to 12.2(25)SEE on Cat3550, the "dot1x auth-fail" command
seems to be configurable.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/sw8021x.htm

However, with respect to 12.2(25)SEC on Cat3550, this command seems not to
be implemented.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/sw8021x.htm

How can I get the same functionality as "dot1x auth-fail" on
12.2(25)SEC?

Does anybody know about this? Does an alternative solution exist?

Michy

----- Original Message ----
From: Ivan <ivan@iip.net>
To: ccielab@groupstudy.com; Noel Debouver III <noeldebouveriii@yahoo.com>
Sent: Friday, January 5, 2007 6:20:11 PM
Subject: Re: 802.1x Interpretation

Think that you mixed up failed authorization. Failed authorization and a
client that doesn't have dot1x support are different from each other.
dot1x auth-fail vlan 55 - for clients which failed the auth process
dot1x guest-vlan 11 - for clients which are not dot1x-capable

Also, you are not allowed to use an auth server.
Maybe you need something like this:
aaa authentication login def local
aaa authorization netw def if-auth

On Saturday 06 January 2007 02:00, Noel Debouver III wrote:
> Configure F0/1 for authorization clients with dot1x. Interface must be in
> unauthorized mode. If client is failed authorization, then he must be in
> VLAN_55
> Users don't have dot1x also must be in VLAN_11 NOTE: you are not
> allowed to configure aaa authentication server for this task.
>
> I'm thinking:
> dot1x system-auth-control
> dot1x guest-vlan supplicant
>
> aaa new-model
> aaa authentication login default none
> aaa authentication dot1x default group radius
>
> int F0/1
> dot1x port-control auto
> dot1x guest-vlan 11
>
> What I am asking is would you interpret the question the same way? Why or
> why not?
> Would you configure it differently, why or why not?
>
> Your help would be appreciated.
>
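
Added example, not part of the original thread: a small Python check that reads switch configuration text and reports, for each port in 802.1X auto mode, which fallback VLAN covers clients without a supplicant (guest VLAN) and which covers clients that fail authentication (auth-fail VLAN). The function name and the sample configuration are constructed for illustration; the command spellings follow the ones used in the thread.

```python
import re

# Constructed sample config for illustration; VLAN numbers follow the thread.
SAMPLE_CONFIG = """\
aaa new-model
dot1x system-auth-control
!
interface FastEthernet0/1
 dot1x port-control auto
 dot1x guest-vlan 11
 dot1x auth-fail vlan 55
!
interface FastEthernet0/2
 dot1x port-control auto
 dot1x guest-vlan 11
!
interface FastEthernet0/3
 switchport mode access
"""

def audit_dot1x(config):
    """Return (globally_enabled, per-port report) for ports in 802.1X auto mode."""
    globally_enabled, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line closes any interface block
            current = None
            if line == "dot1x system-auth-control":
                globally_enabled = True
            m = re.match(r"interface\s+(\S+)$", line)
            if m:
                current = ports.setdefault(
                    m.group(1), {"auto": False, "guest": None, "auth_fail": None})
        elif current is not None:
            if line == "dot1x port-control auto":
                current["auto"] = True
            elif m := re.match(r"dot1x guest-vlan (\d+)$", line):
                current["guest"] = int(m.group(1))      # no supplicant on the client
            elif m := re.match(r"dot1x auth-fail vlan (\d+)$", line):
                current["auth_fail"] = int(m.group(1))  # supplicant present, auth failed
    report = {}
    for name, port in ports.items():
        if port["auto"]:
            missing = [k for k in ("guest", "auth_fail") if port[k] is None]
            report[name] = {**port, "missing": missing}
    return globally_enabled, report

if __name__ == "__main__":
    print(audit_dot1x(SAMPLE_CONFIG))
```

A port listed with a non-empty "missing" entry has no dedicated VLAN for that class of client.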



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART