03-06-2007 06:14 AM - edited 03-05-2019 02:44 PM
Hi,
We are currently looking at 802.1x as a solution to manual port security, but I have heard horror stories about 802.1x deployments due to third-party supplicants etc. We're looking at using Microsoft certificate services and Microsoft RADIUS services for the global deployment. Most of the systems are running XP SP2. Has anyone done large-scale 802.1x deployments? If so, any advice on what to do and what not to do before I get this into the lab?
Thanks.
03-06-2007 10:10 AM
Mike,
I don't have experience with the Microsoft RADIUS service, but I have recently done a demo project for one of my customers for IBNS using 802.1x with guest VLAN and failed authentication VLAN user assignment. We used a Cisco ACS 4.0 server for RADIUS services and used Windows XP's built-in 802.1x supplicant. We used Microsoft PEAP with the certificate service and it all went pretty well.
I have used Cisco's 802.1x supplicant and it has worked pretty well in my tests. You might have to upgrade your switches to the latest IOS for support of authentication failed VLANs. The older IOS does not have the authentication failed feature.
HTH,
-amit singh
03-06-2007 01:13 PM
Amit,
Thanks for the response. Can you send me a link to "failed authentication vlan"? Is this an IBNS feature?
Thanks,
Mike
03-06-2007 09:59 PM
Mike,
Here you go:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_31s/conf/dot1x.htm#wp1198927
HTH,
-amit singh