
Implementing 802.1x on a wired network

Status
Not open for further replies.

RookThis

Has anyone tried implementing 802.1x on a wired network? I'm trying to determine how devices that do not have machine certificates are supported in this environment, such as printers. I've thought about enabling port security, but that will require a lot of administration. Does anyone have any information pertaining to this?

Thanks!
 
For devices that simply don't have an 802.1x supplicant, the options are to use Guest VLANs, disable 802.1x on the particular port, or a 3rd new option from Cisco based on MAC-based proxy-802.1x. This works by waiting for the switchport to time out the dot1x EAPOL polls (can be tuned) and then sending a proxy-dot1x authentication request to the RADIUS server using the client's MAC address. I don't know any more than that but I presume it only works with Cisco ACS (and probably the very latest version at that).

Port security can be enabled with 'Sticky' MAC addresses so you don't have to manually enter all the MAC addresses. Still a bit of a pain to administer though if clients do move around.

HTH

Andy
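The options from the reply above, laid out as Catalyst IOS interface configuration. This is an added example, not part of the original posts; the RADIUS address, shared secret, VLAN ID, interface numbers and timer values are constructed placeholders.

```cisco
! Constructed example: address, key, VLAN and interface numbers are placeholders.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <shared-secret>
dot1x system-auth-control
!
! 802.1x first, then the MAC-based request once the EAPOL polls time out,
! with the guest VLAN as the last resort.
interface FastEthernet0/1
 description printer without a supplicant
 switchport mode access
 dot1x port-control auto
 dot1x mac-auth-bypass
 dot1x guest-vlan 900
 ! Tune how long the switch polls for a supplicant before trying the MAC.
 dot1x timeout tx-period 15
 dot1x max-reauth-req 2
!
! 802.1x disabled on this port; port security with a sticky MAC instead.
interface FastEthernet0/2
 description printer on a port without 802.1x
 switchport mode access
 dot1x port-control force-authorized
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
```

Sticky addresses are learned into the running configuration, so they must be saved to survive a reload. Both the MAC-based request and port security identify a device only by its MAC address, which can be copied, so the VLAN these ports land in should be restricted accordingly.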
 
Thx Andy for the information... Do you know if there is any info on the mac-proxy feature? I'll take a look on CCO, but it looks like you have more insight to this than I do.

I appreciate the help! Thanks again!
 
It has only appeared in the latest IOS release notes - 12.1(22)EA7 for Catalyst 2950 and 12.2(25)SEE for 2960, 2970, 3550, 3560 and 3750. Cisco have apparently 'harmonised' the 802.1x code on all platforms (at least with the 12.2(25)SEE they have, although they introduced a BIG 802.1x RADIUS bug as well.....).

I remember getting a partner email last year about the Proxy-MAC authentication but then never heard anything more until these release notes.

HTH

Andy
 
Andy, do you have the link for the release notes? I've looked on CCO at the release notes for the images that you denoted, and I can't find that information. Can you assist me with this, please?

Thanks
 
Thanks again Andy...
 