Re: dot1x

From: Christian Zeng (christian@zengl.net)
Date: Mon Jan 07 2008 - 17:34:29 ARST


Hi,

* Joseph Saad wrote:
> !!!! guest-vlan will be used if the client doesn't support dot1x (i.e. EAP
> packets aren't detected)
> fail-auth VLAN will be used when client fails authentication.

Thanks for the hint, I didn't know this feature exists (did my studies
with 12.2(25)SEC).

>> aaa authen login CON none
>> aaa authen login VTY line
>>
>> line con 0
>> login authen CON
>>
>> line vty 0 15
>> login authen VTY
>>
>> This reduces the risk when accidentally changing the default method
>> later and breaking requirements or locking yourself out.
>>
>
> !!! this obviously requires the definition of a "username U password p"
> statement ... but I could be stating the obvious.

A username entry in the local db is not needed; the VTY method uses the
line password (assuming it was there in the initial config).

Christian
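
An added example, not part of the original thread: a small Python check that reads a saved IOS configuration and reports line blocks that still follow the default login method list, or whose named list depends on a line password or local username that is not configured. The function name and the sample configuration are constructed for illustration, and the parser assumes running-config style indentation.

```python
import re

# Constructed sample (not from the thread): the CON/VTY lists from the quoted
# snippet, with one vty range missing its line password and aux left unbound.
SAMPLE = """\
aaa new-model
aaa authentication login CON none
aaa authentication login VTY line
line con 0
 login authentication CON
line aux 0
line vty 0 4
 login authentication VTY
line vty 5 15
 password 7 0000
 login authentication VTY
"""

def audit_login_methods(config):
    """Return (line, problem) pairs for line blocks with a risky login method."""
    lists, blocks, has_user, cur = {}, [], False, None
    for raw in config.splitlines():
        s = raw.strip()
        if raw[:1] != " ":                      # top-level command ends any block
            cur = None
            m = re.match(r"aaa authen\w* login (\S+) (.+)", s)
            if m:
                lists[m.group(1)] = m.group(2).split()
            elif s.startswith("username "):
                has_user = True
            elif s.startswith("line "):
                cur = {"name": s, "list": None, "password": False}
                blocks.append(cur)
        elif cur is not None:                   # sub-command of a line block
            m = re.match(r"login authen\w* (\S+)", s)
            if m:
                cur["list"] = m.group(1)
            elif s.startswith("password "):
                cur["password"] = True
    findings = []
    for b in blocks:
        methods = lists.get(b["list"])
        if b["list"] in (None, "default"):
            findings.append((b["name"], "follows the default method list"))
        elif methods is None:
            findings.append((b["name"], "method list is not defined"))
        elif "line" in methods and not b["password"]:
            findings.append((b["name"], "'line' method but no line password"))
        elif "local" in methods and not has_user:
            findings.append((b["name"], "'local' method but no username entry"))
    return findings
```
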



This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST