Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'd like to use the downloadable ACL feature with a cut-through proxy, but instead of using a username/password I'd like the client to be authenticated to the ACS via the PIX using a smartcard certificate.Is this possible?
Does anyone know if using NAC L2 802.1x supports authenticating all clients on one port? Or is it similar Cisco's standard 802.1x support where after one device authenticates on a port, all are allowed access?Thanks for the help. I can't seem to fi...
Does any version of the IOS include a DNS server? To make a long story short, I just need one record to be resolved on a non-routed subnet and am hoping I have can have a router act as a DNS server.
I'm currently testing 802.1x machine and user authentication using EAP-TLS. Right now I'm testing them separately, and machine auth works great, but user auth doesn't.Here's what I'm using:Smart Cards ->Built-in Microsoft XP supplicant ->Catalyst 400...
Essentially, you create a voice VLAN on your access port (the port where your phone plugs in), enable dot1x on it, plug your phone in and that's it. The phone sends a CDP packet to the switch identifying itself as a Cisco IP phone. The switch then ...
I did the tests with a 3750 and a 2950 and neither of them allowed access on the voice VLAN before 802.1x authentication succeeded. Looks like what I was seeing earlier was just a bug in the IOS on the 4006.But now the question is, what do people do...
Catalyst 4006 with a Supervisor III and IOS 12.2(25)EWA (the latest greatest)I plan on testing this on a 3550 to see if it is a bug with the 4006 or deliberate behavior. I'll let you know what I find.
I found my answer. The problem was with the Microsoft supplicant. It wasn't prompting me to type in the PIN to unlock the smart card, so it couldn't read the certificate and thus the EAP process was timing out.In order for the Windows supplicant to...
I'm researching implementing 802.1x with a Cisco switch (4006 with a Sup III and IOS 12.2(25)EWA) and Nortel wired IP phones (1140E's). I found a solution that seems to work, although I'm not sure if it's a bug or desired behavior on the switch's pa...
