VLANS and 802.1X

abbas.ali · ‎09-30-2003

I have already set my network up with 6509 (Core switch) and 4506 and 3750 as access switches. VLANs Load Balancing are also configured between EtherChannel links. Now Management requires to adopt 802.1X technology to secure VLANS since they want each user to be authenticated by Cisco ACS server. What configuration I will need for my switches in order to configure 802.1X and VLANS by Users by keeping the same network design?

I am little confused because some articles show that it will require to configure VLANs by User-ID. I already have my VLANS configured by ports (between the switches), and hoping that would not require any changes. All I can think of that the ports belong to Workstations may need to setup as VLANs by User ID, not by ports.

nikhil_m · ‎10-06-2003

I guess Vlans configured by ports should work...

mschooley · ‎10-06-2003

you leave the vlans assigned to a "default" or "unsecured" vlan, the turn on do1x auth on the ports and clients then vlans are dynamically assigned via acs according to user id. Note, "default" or "unsecured" vlan needs to be able to reach login servers and depending on logon method may have to use certificates on machines

abbas.ali · ‎10-06-2003

Thanks mschooley ! quick question what about the ports between the switches (Trunk Ports). I have configured EtherChannel with Redundant Links. Do I have to worry about those ports. I think not because I believe only host ports need to be configured with 802.1x.