10-06-2006 03:03 AM - edited 03-10-2019 02:46 PM
Hi,
Basically we are planning to implement 802.1x in conjunction with an ACS appliance. The plan being that when the end user auths, it will allow access to certain areas of the network (specific VLANs and specific ports, all of which are audited). My question is behind the auth mechanism - do I need a client on the PC or will it pass through current auth credentials (AD, LDAP etc.)? Or can I just allow everyone through, but allowing restricted access to a specific VLAN?
Any pointers etc. would be very helpful.
Many thanks.
10-06-2006 11:01 PM
Hi Robin,
I had tested the setup but the login credentials were created on the ACS Server and not integrated with LDAP, AD etc.
Regarding the client PC configuration, all you need is a NIC that supports dot1x (WinXP will do).
When the NIC port comes up, it will prompt you for the username & password.
HTH
Narayan
10-08-2006 12:29 AM
Thanks for the info,
I see what you are saying but what about servers and the like, how would they be handled? Could I just assign dot1x information to the physical interface and how would that interact with ACS? i.e. would it be audited?
From a PC configuration we do use either Novell (LDAP) or AD, so I guess I can pass through auth from the PC to ACS?
10-08-2006 07:33 AM
Robin,
You should consider only the desktop ports to be dot1x enabled.
The servers would always be in one VLAN and I don't think there is any need of port based authentication for them.
You can configure access-lists on the SVI which will take care of the access policies of different VLANs.
The desktop port can be assigned to a particular VLAN ID through dot1x and that would mean that the port is bound to be under the access control policies of that VLAN.
HTH, rate if it does
Narayan
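The layout described in the reply above, sketched as a Catalyst IOS configuration. This is an added example, not part of the original posts; it assumes the older `dot1x port-control` interface syntax (newer releases use different interface commands), and the interface names, VLAN IDs, addresses, ACL name and RADIUS key are constructed placeholders.

```cisco
! Added example: all names, VLAN IDs and addresses below are placeholders.
aaa new-model
! Authenticate 802.1X supplicants against the RADIUS server (ACS)
aaa authentication dot1x default group radius
! Required so the switch honours the VLAN returned by RADIUS
aaa authorization network default group radius
! Send session start/stop records to ACS for auditing
aaa accounting dot1x default start-stop group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <SHARED-SECRET>
! Enable 802.1X globally
dot1x system-auth-control
!
! Desktop port: stays unauthorized until the supplicant authenticates.
! ACS can override the access VLAN by returning the RFC 3580 attributes:
!   Tunnel-Type (64)             = VLAN
!   Tunnel-Medium-Type (65)      = 802
!   Tunnel-Private-Group-ID (81) = VLAN ID or name
interface FastEthernet0/1
 description Desktop port (dot1x)
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto
 spanning-tree portfast
!
! Server port: static VLAN, no port-based authentication
interface FastEthernet0/24
 description Server port (no dot1x)
 switchport mode access
 switchport access vlan 20
!
! Access policy for the desktop VLAN is enforced on its SVI
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group DESKTOP-IN in
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
ip access-list extended DESKTOP-IN
 ! Desktops may reach the server VLAN; everything else is dropped and logged
 permit ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255
 deny   ip any any log
```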