Re: Dot1x

From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Thu Jun 26 2008 - 11:57:44 ART

• Next message: darth router: "Re: Congrats to Scott Morris and IE"
• Previous message: CCIE 2008: "Re: CCDE"
• Maybe in reply to: David Lonnie: "Dot1x"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

David,

By saying you devide the port into VLAN 500, I take it you mean assign.

Yes, your dot1x authentication and authorization would still work perfectly.
Whether you choose to do dynamic VLAN assign from ACS via Attributes [64],
[65] and [81] or not, if you are, assign the same access VLAN that you have
configured on the port (which doesnt make much sense) or change the VLAN to
another one on the fly, is up to your authorization policy, but both ways
work fine.

I agree with Mohammed, assigning the same VLAN to Access, Guest and AuthFail
doesnt make much sense from a logical point on view. But I have not come
across any restriction on the use though - so I guess its all fair game.

Anyways, HTH
Sadiq

• Next message: darth router: "Re: Congrats to Scott Morris and IE"
• Previous message: CCIE 2008: "Re: CCDE"
• Maybe in reply to: David Lonnie: "Dot1x"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART