Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Implementing 802.1x on a wired network 1

Status
Not open for further replies.
RookThis

RookThis

Technical User
Joined
Jul 27, 2002
Messages
195
Location
US
Has anyone tried implementing 802.1x on a wired network? I'm trying to determine how devices that do not have machine certificates are supported in this environment, such as printers. I've thought that enabling port security but that will require a lot of adminisistration. Does anyone have any information pertaining to this?

Thanks!
 
Sort by date Sort by votes
For devices that simply don't have an 802.1x supplicant then the options are to use Guest VLAN's, disable 802.1x on the particular port or a 3rd new option from Cisco based on mac-based proxy-802.1x. This works by waiting for the switchport to timeout the dot1x EAPOL polls (can be tuned) and then sends a proxy-dot1x authentication request to the RADIUS server using the clients MAC address. I don't know any more than that but I presume it only works with Cisco ACS (and probably the very latest version at that).

Port securtiy can be enabled with 'Sticky' MAC addresses so you don't have to manually enter all the MAC addresses. Still a bit of a pain to administer though if clients do move around.

HTH

Andy
 
Upvote 0 Downvote
Thx Andy for the information... Do you know if there is any info on the mac-proxy feature? I'll take a look on CCO, but it looks like you have more insight to this than I do.

I appreciate the help! Thanks again!
 
Upvote 0 Downvote
It has only appeared in the latest IOS release notes - 12.1(22)EA7 for Catalyst 2950 and 12.2(25)SEE for 2960,2970,3550,3560 and 3750. Cisco have apparently 'harmonised' the 802.1x code on all platforms (at least with the 12.2(25)SEE they have, although they introduced a BIG 802.1x Radius bug as well.....).

I remember getting a partner email last year about the Proxy-MAC authentication but then never heard anything more until these release notes.

HTH

Andy
 
Upvote 0 Downvote
Andy, do you have the link for the release notes? I've looked on CCO at the release notes for the images that you denoted, and I can't find that information. Can you assist me with this please.

Thanks
 
Upvote 0 Downvote
Thanks again Andy...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jobsp90
  • Locked
  • Question Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
541
DavetheChef
DavetheChef
Luzbel
  • Locked
  • Question Question
Connecting HVAC controller to network
Replies
0
Views
584
Luzbel
Luzbel
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
569
CPM86
CPM86
testman1
  • Locked
  • Question Question
SIP telephone ring on second call
Replies
0
Views
445
testman1
testman1
stanlyn
  • Locked
  • Question Question
HowTo Install Multiple PAP2T ATA Devices on Same Lan
Replies
3
Views
659
iggsterman
iggsterman

Part and Inventory Search

Sponsor

Back
Top