jason
Beginner

RADIUS and dot1x questions

Hello,

I'm working on a test rollout of 802.1x. I have a few (hopefully quick) questions that I can't seem to find in the docs...

1) Is there a way to configure a switch to use two separate RADIUS servers, one for auth/authen and one for accounting?

2) Is there any link to the different software versions and trains, both IOS and CatOS, showing the minimum versions that have guest VLAN and authFail VLAN?

Thanks,

Jason Antman

Rutgers University

2 REPLIES
jason
Beginner

As I'm sure someone is going to ask, I'm going to be running on a number of different switches, but the bulk will be either 3550 or better running IOS 12.1(13)EA1a or 2948G's running CatOS .

2948G:

Running most recent software would be limited to the features in this configuration guide:

dot1x -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.1/configuration/guide/8021x.html

aaa -

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.1/configuration/guide/authent.html

Unfortunately CatOS does not have a way to configure server groups which is what would be necessary to customize separate destinations for authentication versus authorization.

Furthermore, in the dot1x guide there is no guest VLAN nor auth fail features, only VLAN assignment via RADIUS. Could use this to assign particular users to a restricted VLAN. I would definitely read the section on 802.1x VLAN assignment Using a RADIUS server, if you are interested (in the dot1x link above).

3550 -

Looks like guest vlan was introduced around 12.1(14)EA1,

Looks like auth fail was introduced around 12.2(25)SED, see:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_sed/release/notes/OL8114.html#wp94866

Looks like you will have to upgrade some of your older 3550s.
