Re: Exclude the phone form the 802.1X from Radioactive Frog on 2012-04-28 (Ccielab archives 04/2012)

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Sun, 29 Apr 2012 10:57:28 +1000

rigth on Sadiq.. but AFAIK this feature is not available in newer code (52
or above) anymore :(

MAB is common and very practical practice for production. Otherwise why
would you go for dot1x, that defeats the purpose of of dot1x implementation.

Other simple one without creating a username/password in radius:
keep all port configs identical for dot1x or non-dot1x supplicants. If you
want to exclude a port from dot1x auth process, just use a command "dot1x
authentication open". This works on newer and older codes. So basically you
are keeping configs identical, except this one command. This command
suppose to meant for troubleshooting but I have to implement it in some
instances.

HTH.

On Sun, Apr 29, 2012 at 8:58 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

> MAB will not exclude the IP phone from authenticating; it would
> authenticate the IP phone using its MAC address; hence MAC auth bypass.
>
> If you configure the host mode as single, then if the IP phone is a Cisco
> one, its excluded from authentication. This is called CDP Bypass.
>
> HTH,
>
> Sadiq
>
>
> On Sat, Apr 28, 2012 at 10:35 AM, Radioactive Frog <pbhatkoti_at_gmail.com>wrote:
>
>> MAB
>>
>> On Sat, Apr 28, 2012 at 4:16 PM, amin <amin_at_axizo.com> wrote:
>>
>> > Hi Experts,
>> >
>> > How to configure 802.1x for the PC that is connected to a switch port
>> and
>> > exclude the IP phone?
>> >
>> > Regards,
>> >
>> > Amin
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> CCIEx2 (R&S|Sec) #19963

Blogs and organic groups at http://www.ccie.net
Received on Sun Apr 29 2012 - 10:57:28 ART

This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 08:20:46 ART