802.1x on SF-300 Series switches

waynem@itgl.com · ‎07-24-2014

Can anyone give greater detail on the 802.1x functionality of these switches? For example to they support multi-domain authentication, multiple radius servers and dynamic VLAN allocation. Can I canfigure inaccesible authentication bypass?

Thanks

Brandon Svec · ‎07-24-2014

I am not an 802.1x expert but take a look at chapter 19 of admin guide and see if you still have questions: http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

-- please remember to rate and mark answered helpful posts --

chrebert · ‎07-25-2014

Hello,

I can tell you the Sx300 series switches do support multiple RADIUS servers and dynamic VLAN allocation.

The one setting I don't think they support will be the MDA. There are ways to setup the 802.1x on these switches so that multiple different hosts can authenticate on the same port, however it is not as specifically meant for phones as MDA seems to be. Take a look at the Administration Guide. The section covering 802.1x starts on page 381 (418 in the PDF). Read over how the multi-host authentication works, you may be able to get what you need out of that.

As for inaccessible authentication bypass, from what I have read on that feature it allows you to set certain ports as critical, meaning if the RADIUS server cannot be reached they will be allowed onto the network anyway. The Small Business switches don't have that exact feature, however you can set it up to check the RADIUS first, then the local database. You could include only your critical devices in the local database, that way if the RADIUS server fails, they would just authenticate to the switch's database, and everyone else would be rejected until the RADIUS server came back online.

Hope that helps,

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

*please rate helpful posts*